
Subresource Integrity


TinFoil Security on Subresource Integrity

W3C chat between Joel Weinberger from Chromium and Gervase Markham from Mozilla talking about Subresource Integrity

I've no idea whether this is something a website owner can implement on his or her own. Does it need the cooperation of the asset provider?

The only outside assets I use are Google fonts. I asked Nik Black from Tinfoil Security, and he answered this way:

The webmaster can calculate the hash independently of the asset provider, yes. We usually recommend https://www.srihash.org/, but it looks like they don't handle the Google web font resources correctly. Subresource Integrity Protection is still relatively new, so support for it is still catching up.
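
As an added example (not from the original post or from Tinfoil Security), this Python code computes the integrity value from an asset's bytes alone, with no involvement from the asset provider, and checks it the way the Subresource Integrity specification describes: only the strongest hash listed in the attribute is compared. The asset bytes and the cdn.example.com URL are constructed placeholders.

```python
import base64
import hashlib

# Hash functions the SRI specification allows, weakest to strongest.
STRENGTH = ("sha256", "sha384", "sha512")


def sri_hash(content: bytes, alg: str = "sha384") -> str:
    """Return the integrity value for content, e.g. 'sha384-<base64 digest>'."""
    if alg not in STRENGTH:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, content).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def verify(content: bytes, integrity: str) -> bool:
    """Check content against an integrity attribute the way a browser does."""
    parsed = []
    for token in integrity.split():
        alg, _, rest = token.partition("-")
        value = rest.split("?", 1)[0]  # drop any ?options suffix
        if alg in STRENGTH and value:
            parsed.append((alg, value))
    if not parsed:
        return True  # no usable metadata: the resource loads unchecked
    # Only entries using the strongest listed algorithm are compared.
    strongest = max((a for a, _ in parsed), key=STRENGTH.index)
    actual = sri_hash(content, strongest).split("-", 1)[1]
    return any(a == strongest and v == actual for a, v in parsed)


def script_tag(url: str, content: bytes) -> str:
    """Build the <script> element a webmaster would paste into the page."""
    return (f'<script src="{url}" integrity="{sri_hash(content)}" '
            'crossorigin="anonymous"></script>')


# Constructed sample asset and placeholder URL (assumptions, not from the post).
ASSET = b"console.log('hello from a third-party library');\n"
URL = "https://cdn.example.com/lib.js"

if __name__ == "__main__":
    print(script_tag(URL, ASSET))
    print("unchanged asset verifies:", verify(ASSET, sri_hash(ASSET)))
    print("modified asset verifies: ", verify(ASSET + b"//x", sri_hash(ASSET)))
```

Because the hash covers the exact bytes served, it has to be recomputed whenever the provider changes the file, otherwise the browser refuses to load it.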
