Add sub resource integrity verification to link preloads so that resources with an integrity attribute can be preloaded with causing a double download. This feature honors the integrity attribute on link preloads for the as=script and as=style destinations.

Motivation

The primary motivation for this work is that in Chrome, resources requested with subresource integrity (SRI) cannot re-use preloaded resources. This is documented in http://crbug/677022. This is because the raw bytes for a resource are discarded after the resource is encoded. Not-reusing requests from the preload cache causes a loading regression, as these resources will always be downloaded twice. A solution proposed to the W3C's Web Performance Working Group, and agreed on at TPAC 2018 by multiple vendors, was to standardize and implement support for the `integrity` attribute on link preloads. As per this feature, Chrome will support the `integrity` attribute on link preloads for as=script & as=style destinations. Support for other destinations is lower-priority, as the script and style destinations are currently the only resource types that support SRI on their own (independent of being preloaded).

Documentation

Specification

Specification link


Specification currently under development in a Working Group

Status in Chromium

Blink>Loader>Preload


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Owner

Search tags

preload, sri, subresource-integrity, subresource integrity, link preload, sri verification,

Last updated on 2020-12-21