Hacker News new | past | comments | ask | show | jobs | submit login

Not bad, but as far as I can see it requires you are _really_ sure no further scripts are dynamically loaded.

Or is there a way for the server to specify all resources must have SRI?




https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...

You can combine CSP it with SRI hashes and also report violations to the backend.


Yes, by using CSP


Nice, at least it's possible.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: