Add recommendation to use SRI for versioned & stable resources #102
Comments
|
The examples in the page should also be updated to generally include a |
|
I’m not sure of the process here, but I’m happy to put together a proposal and PR it for comments? |
|
SGTM. I'll happily help review a patch. |
|
Not sure if it notified anyone, but a patch is waiting @mikewest for when you have time. Zero rush of course 🙂 |
|
Thanks for the ping! I added a few comments there. |
|
@mozfreddyb @robinwhittleton You may be interested in a study we published last year about the web developer experience with SRI. It included a survey (section 5.5) related to the meaning of an SRI violation. It included a couple of questions such as:
The results where quite interesting and confirm the need for providing good examples in the specification. |
|
Thanks! I’ll review these. |
|
@bchapuis Thank you for conducting and sending us the study! Do you want to transform the proposed next steps from your paper into GitHub issues? We're not working on SRI improvements with a high priority, but getting individual things (like this one here) into the spec should be non-trivial if done incrementally. |
I assumed this was a given, but apparently people are surprised and don't really know or understand what should happen when SRI fails.
We should add a note that recommends more clearly...
a) what an SRI violation means (the file you thought you were loading does not laod anymore because its content changed)
b) how to deal with it gracefully (host a copy someplace else and listen for error events on the script, maybe?)
The text was updated successfully, but these errors were encountered: