Header integrity fetcher should not prefer SXG for subresources
antiphoton opened this issue · comments
Boxiao Cao commented
HeaderIntegrityFetcher computes the header integrity of sub-resources by two steps: fetching sub-resources and computing integrity.
The compute_integrity
method takes an unsigned subresource as input, but fetch_subresource
method uses a SXG-preferring header.
This gives incorrect header integrity when the back-end server supports SXG format, for example, when using sxg-playground to test a website that already enables cloudflare worker.