Can't do that with this one because it generates the polyfill based on the user agent.

Why not? The `integrity` attribute accepts more than one value[0].

This would technically be feasible, if my understanding of the service is correct. Hashes could be recorded for each combination of feature -- you could then give those list of hashes to the user to insert into the attribute.

Of course, the main difficulty here would be the management of individual hashes. Hmm, definitely interesting stuff.

[0]: https://developer.mozilla.org/en-US/docs/Web/Security/Subres...

We are talking potentially hundreds of hashes because of how the polyfills service worked.

That depends on how many polyfills are served via each script.

yeah that's nuts, I would never use a random site for that, but in general people's opinion on CDN use is dated. Tons of people still think that cached resources are shared between domains for example.

Sure, but why risk a developer making a typo, saying integrty="sha384-whatever", and that attribute simply being ignored in the html?

“A developer could typo something” is kind of weak because you could use this argument for basically anything.

Why? If you host everything on the same domain there's no possibility of a typo. And, developers could maliciously make a typo that can get past code review, don't you take that into account?

In a lot of situations the system can be designed that a mistake has to be obvious at review for it to even pass the build step. Why not strive for that level of robustness?