I really want to like this, but unfortunately does not work in my environment

  • in the age of page-caching (wp-super-cache) and minification/consolidation of scripts/styles (autoptimization), this probably needs to be hooked in after all that gets done otherwise the hash generated won’t match. Ideally, this tests the consolidated minimized script locally even before it gets uploaded to the CDN to cover the pathological case that the script gets mutated at the CDN even before it gets it’s SHA hash done.

Viewing 2 replies - 1 through 2 (of 2 total)

  • you don’t have, use, or need SRI for local assets. It only does this for remote assets.

    Thread Starter darkknight83

    (@darkknight83)

    well, page-caching and autoptimize (after minimizing and combining) both redirect the content to the?CDN (which improves performance significantly).? I’m just saying that generating the hash before relocating the content to the CDN is a better option than generating the hash from the CDN content. Of course I can just omit CDN-ifying the scripts/styles, but I don’t think it’s reasonable to have to choose between performance and security – both are needed!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘I really want to like this, but unfortunately does not work in my environment’ is closed to new replies.