Hacker News new | past | comments | ask | show | jobs | submit login

Also, if there's a known-trusted resource, go for https://developer.mozilla.org/en-US/docs/Web/Security/Subres... - if the resource changes, it will fail to load. If unchanged, offload to a CDN, if fails, serve locally. Multiple identifiers allowed, which mitigates second preimage attacks.

I added this to the article, thanks!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact