Support for multiple resources per Hash (Multiple resources in a JS file)

[ezzak]

It’s common for larger websites to optimize delivery of assets by bundling many resources together, for performance optimization reasons.. Sites of sufficiently large size may bundle multiple bundles together, typically inserting a string delimiter between them. Hashing should be done on the sub-bundles, which means we need a way to communicate to the browser *how* to split the bundles so hashing will be accurate. Integrity-Policy should allow for this. For example:

Integrity-Policy: blocked-destinations=(script), source=(<manifest_bundle_uri>)

// Manifest Bundle

{
  "hashes": {
    "/assets/x.html": "ca978112ca1bbdcafac231b39a23dc4da786eff8147c4e72b9807785afee48bb",
    "/assets/main.js": "fb8e20fc2e4c3f248c60c39bd652f3c1347298bb977b8b4d5903b85055620603",
    "/css/main.css": "5e737a67c38189a01f73040b06b4a0393b7ea71c86cf73744914bbb0cf0062eb",
    "": [
      "684ad58287ff2d085927cb1544c7d685ace897b6b25d33e46d2ec46a355b1f0e",
      "3431742b9dbff1751bba9ba47483ed62ae7fdf42d560a480a282af38b6c8de0a",
      "f802517f1b2406e308599ca6f4c02d2ae28bb53ff2a5dbcddb538391cb6ad56a",
      "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b",
      "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35",
    ]
  },
  "root_hash": "4813494d137e1631bba301d5acab6e7bb7aa74ce1185d456565ef51d737677b2",
  "resource_delimeter": "/* MY_DELIM */",
  "version": 1,
  // Other Metadata
}

// my_pkg.js

// Code block a maps to 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
function my_func() {}

/* MY_DELIM */

// Code block b maps to d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35
function my_other_func() {}