but not this: but not this: but not this:
DEVHIDE
Login Or Sign up

Why Does Subresource Integrity require CORS?

123 Views Asked by At

I don't understand why my browser allows this:

<script src="https://www.google.com/recaptcha/api.js"></script>

but not this:

<script src="https://www.google.com/recaptcha/api.js" integrity="..."></script>

The latter fails due to CORS. Why do I need google's (or any server's) permission to verify that they haven't changed their script on me? Seems backwards. File integrity should be 100% client side and not involve the server at all.

javascript google-chrome http cors subresource-integrity
Original Q&A
0

There are 0 best solutions below

Related Questions in JAVASCRIPT

Related Questions in GOOGLE-CHROME

Related Questions in HTTP

Related Questions in CORS

Related Questions in SUBRESOURCE-INTEGRITY

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.