Add a note that SRI only works over HTTPS

connorshea · web-flow · commit eac99dc5f8c0 · 2016-06-20T14:04:36.000-06:00
Add a note that the SRI attribute is only applied when the Rails app is served over HTTPS. This is something that tripped me up initially, as most browsers treat localhost as a secure origin. Source: fdb0df6
diff --git a/README.md b/README.md
@@ -158,6 +158,8 @@ javascript_include_tag :application, integrity: true
 # => "<script src="/assets/application.js" integrity="sha256-TvVUHzSfftWg1rcfL6TIJ0XKEGrgLyEq6lEpcmrG9qs="></script>"
 ```
 
+Note that sprockets-rails only adds integrity hashes to assets when served over an HTTPS connection.
+
 
 ## Contributing to Sprockets Rails
 
