Add sub resource integrity verification to link preloads so that resources with an integrity attribute can be preloaded with causing a double download. This feature honors the integrity attribute on link preloads for the as=script and as=style destinations.

Motivation

The primary motivation for this work is that in Chrome, resources requested with subresource integrity (SRI) cannot re-use preloaded resources. This is documented in http://crbug/677022. This is because the raw bytes for a resource are discarded after the resource is encoded. Not-reusing requests from the preload cache causes a loading regression, as these resources will always be downloaded twice. A solution proposed to the W3C's Web Performance Working Group, and agreed on at TPAC 2018 by multiple vendors, was to standardize and implement support for the `integrity` attribute on link preloads. As per this feature, Chrome will support the `integrity` attribute on link preloads for as=script & as=style destinations. Support for other destinations is lower-priority, as the script and style destinations are currently the only resource types that support SRI on their own (independent of being preloaded).

Documentation

• https://docs.google.com/document/d/1l8y_T3z-nb0smR9EVoZ3TeEI6rGzLw74vvzWzODsnDQ
• https://docs.google.com/document/d/1Mv-Y18leB5kNc6GshVRx2NEZmLu7WGlnQ6OZ5Oj5vgA

Specification

Specification link

Status: Specification currently under development in a Working Group

Status in Chromium

Blink components: Blink>Loader>Preload

Implementation status: Enabled by default (tracking bug)

Consensus & Standardization

• Firefox: Positive
• Safari: Positive
• Web Developers: Positive

Owner

• dom@chromium.org

Search tags

Last updated on 2021-12-13