How can we improve the Microsoft Edge developer experience?

Subresource Integrity

Subresource Integrity defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected manipulation. In a nutshell, metadata inlined into HTML elements allows the browser to determine whether the resource that was downloaded matches the resource the page's author expected to download.

http://w3c.github.io/webappsec/specs/subresourceintegrity/

2,419 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Jonathan Sampson [MSFT] shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    37 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Admin -- the typo "noe" makes your answer unclear. Is that supposed to be "now" or "not"? CanIUse still showes that SRI is not supported by IE or Edge

      • Anonymous commented  ·   ·  Flag as inappropriate

        Please include SRI in Edge, this is a vital prevention mechanism that provides enhanced security to users of websites.

      • MuiBienCarlota commented  ·   ·  Flag as inappropriate

        "UNDER CONSIDERATION" since August 06, 2014!

        Just for computing hash value(s) during download (with almost no time penalty) and making checks when last byte is received.

      • tom commented  ·   ·  Flag as inappropriate

        edge is still so far behind the times and hates user security. implement this now?

      • Nicolas Hoffmann commented  ·   ·  Flag as inappropriate

        Please implement SRI, I suppose it won't be the most difficult API to implement, and it is a recommendation of W3c :)

      • Craig Stevens commented  ·   ·  Flag as inappropriate

        Looks bad to my clients that I have to appear to downgrade their site's security for the majority of users just because a minority use Edge. Let's get this done ASAP.

      • Matt Starks [ITsolver] commented  ·   ·  Flag as inappropriate

        It's not a major security issue by itself, and yes we also need to get on our cdns and patch their holes up, and yes it can cause js page errors if and when cdns traffic gets blocked but it's SRI, it's a standard, and in the case of a compromised cdn this will prevent us from any liability or user distrust, and it is not that difficult to implement and we Edge users are the only ones who don't have it.

        So lets get it done

      • Sireen O'Mari commented  ·   ·  Flag as inappropriate

        Please add Subresource Integrity to Edge and IE 11 and protect your users. Why wait? Firefox and Chrome implement it.

        It would be wrong if (hopefully soon) MVC bundle library starts adding support for SRI and Edge does not support it. Add it ASAP.

      ← Previous 1

      Feedback and Knowledge Base