Commit 5a4d8a7

Flesh out “Coping with errors”
Add an example, and provide information on logging.
1 parent 8ada002 commit 5a4d8a7

1 file changed

+42
-13
lines changed

index.bs

Lines changed: 42 additions & 13 deletions
@@ -591,22 +591,51 @@ spec: SHA2; urlPrefix: http://csrc.nist.gov/publications/fips/fips180-4/fips-180
591591
executed. This could cause problems for users, so the system should be
592592
designed to cope with errors.
593593

594-
If an alerting or logging system exists, the integrity error should be
595-
sent to that so that the violation can be resolved safely.
594+
In response to an integrity error when loading a resource from a CDN or other
595+
third-party server, the system could attempt to load a fallback resource from
596+
a same-origin mirror.
596597

597-
The integrity error could also trigger the system to attempt to load the
598-
resource from a local copy instead of a CDN or other third-party server.
599-
It is worth evaluating if a local resource may be a better initial choice
600-
rather than using a resource hosted on a CDN.
598+
<div class="example">
599+
<pre>
600+
&lt;script&gt;
601+
document.addEventListener('error', error =&gt; {
602+
const erroringScript = error.target;
603+
if (erroringScript.hasAttribute('integrity')) {
604+
const fallbackURL = erroringScript.getAttribute('src').replace(/https:\/\/.*?\//, '/');
605+
const fallbackScript = document.createElement('script');
606+
fallbackScript.setAttribute('src', fallbackURL);
607+
erroringScript.after(fallbackScript);
608+
}
609+
}, true);
610+
&lt;/script&gt;
611+
612+
&lt;script src="https://example.com/v1.0/example-framework.js"
613+
integrity="sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7"
614+
crossorigin="anonymous"&gt;&lt;/script&gt;
615+
</pre>
616+
</div>
617+
618+
Code that attempts to replace a third-party resource with a same-origin
619+
mirror in the event of an error will need to be initialised before the
620+
load attempt has been made.
621+
622+
It is worth evaluating if a same-origin resource may be a better choice in
623+
the first place, instead of using a resource hosted on a third-party server.
601624

602625
If the resource cannot be made available to the system, then the system
603-
should be built to cope as best as possible with the resource's absence.
604-
For some resources, for example web fonts or non-essential styles, there
605-
may be no work to do to leave the system in a usable state. Alternatively,
606-
the system could be built using progressive enhancement principles, where
607-
in the absence of a resource, or support from the user agent for that
608-
resource, the system remains usable although potentially with degraded
609-
functionality.
626+
should be built to cope as best as possible with the resource's absence. For
627+
some resources, for example web fonts or non-essential styles, there may be
628+
no work to do to leave the system in a usable state. Alternatively, the
629+
system could be built using progressive enhancement principles, where in the
630+
absence of a resource, or support from the user agent for that resource, the
631+
system remains usable although potentially with degraded functionality.
632+
633+
If an alerting or logging system exists, the integrity error should also
634+
be sent there so that appropriate steps can be taken. If a single resource
635+
on a CDN is seen to have been modified, then general usage of that system
636+
should be evaluated for other possible problems. For example, if other
637+
resources without integrity metadata have also been loaded from the same CDN,
638+
the impact of their potential modification should be evaluated.
610639

611640
<!-- ####################################################################### -->
612641
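Review bot: The guard at new lines 603-604 only tests `hasAttribute('integrity')`, so the capturing `error` listener also runs for a failed `<link integrity=...>`, which has `href` rather than `src`; there `getAttribute('src')` returns null and `.replace(...)` throws inside the handler. Restrict the branch to script elements (for example `erroringScript.localName === 'script'`) before reading `src`. Relatedly, the `error` event carries no reason, so the handler also fires for a network failure or 404 on a script that has an `integrity` attribute, while the introductory sentence at 594-596 says "In response to an integrity error"; a sentence noting that the fallback runs on any load failure of such a script would keep the prose and the example in agreement. The pattern `/https:\/\/.*?\//` is not anchored with `^` and assumes the mirror serves the same path as the third-party host, which the text at 618-620 could state. Since `fallbackScript` is created with `createElement` and inserted with `after()`, it does not block the parser, so later scripts that depend on the framework can run before the fallback has loaded; that is worth a note next to the "initialised before the load attempt" paragraph. Finally, the logging paragraph at 633-638 says the error "should also be sent there" but the example never reports anything; either extend the example or say that reporting is left to the author.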
