1830292 - SRI should accept base64url encoded integrity metadata and be liberal with padding

Status: RESOLVED FIXED

(Core :: DOM: Security, enhancement, P2)

Comment 1

[Frederik Braun [:freddy]]

Attachment: Bug 1830292 - base64url parser in SRI r?tschuster,ckerschb

Comment 2

[Daniel Veditz [:dveditz]]

Can we get more explanation? Are we violating the spec? Need Chrome or web compatibility even if we aren't? something else?

From the patch this looks like it adds support for base64url hashes and is forgiving when the base64 padding is the wrong length or missing.

Comment 3

[Frederik Braun [:freddy]]

This is from a conversation in the whatwg chat on matrix. Annevk told me that due to testing he found out Safari and Chrome support base64url and Firefox does not.

In lieu of a realistic way to deprecating support gracefully, I started looking at what it may take to align our implementations here instead.

Comment 4

[Frederik Braun [:freddy]]

Attachment: Bug 1830292 - base64url parser in SRI r?tschuster,ckerschb

Tests have shown that web pages use base64url encoded integrity
metadata when using SRI, as other browsers are already supporting it.
To align cross-browser behavior, we'll support base64url and base64
in parallel and update the tests from wpt at the same time.

Comment 5

[Pulsebot]

Pushed by fbraun@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/6a4d223b5f67
base64url parser in SRI r=tschuster,ckerschb

Comment 6

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/40166 for changes under testing/web-platform/tests

Comment 7

[Sebastian Hengst [:aryx] (needinfo me if it's about an intermittent or backout)]

https://hg.mozilla.org/mozilla-central/rev/6a4d223b5f67

Comment 8

[Web Platform Test Sync Bot [:wpt-sync] (Matrix: #interop:mozilla.org)]

Upstream PR merged by moz-wptsync-bot