Subresource Integrity advice #78
Comments
|
@soulgalore First I want to say how amazing this product is. Especially the little big details such as:
Would you like the advice as a PR or a User Story written in Gherkin Lang? Let me know, can't wait to get this in. |
|
thanks @jdorfman :) The good thing I think is that we know that something like the coach is never finished so will continue to add/change advice when browsers evolve. If you could implement it and send a PR that would be great! @tobli and my work on sitespeed.io 4.0 will keep us busy for the coming months so if you have time to implement it, it would be great! And we can help out of course, there can be some docs that are missing. Ping me on Twitter/email or this issue :) |
|
I think @jonathanKingston might be able to get this done faster than I can. I am going to send him an email. |
|
Hey @jdorfman we should start an SRI anonymous club :). Thanks for pinging me. I don't have the greatest amount of time at the moment however we can kick of the conversation at least. Checking for validity probably makes sense here and advising if they have it wrong (not sure if multiple states for the message are exposable on the report card at the moment)
For security related tests the amazing https://github.com/mozilla/http-observatory by @marumari is worth checking out as there will be massive overlap. |
As reported by @tobli this could be something for the coach:
https://hacks.mozilla.org/2015/09/subresource-integrity-in-firefox-43/
https://hacks.mozilla.org/2016/04/how-to-implement-sri-into-your-build-process/
We could add an advice a put it in the best practice category for now.
The text was updated successfully, but these errors were encountered: