This repository has been archived by the owner on Apr 5, 2024. It is now read-only.

Missing gzip support #141

Closed
rkaravia opened this issue Aug 4, 2016 · 0 comments

rkaravia commented Aug 4, 2016

I have generated the following code using srihash.org for URL https://cesiumjs.org/releases/1.21/Build/Cesium/Cesium.js:

<script src="https://cesiumjs.org/releases/1.21/Build/Cesium/Cesium.js"
integrity="sha384-CAN0Iz/H09oATWPeJZclEOAM/nF1cq3DSuAbxi9IMbZIx8m3ERInrpuk11n+lHRq"
crossorigin="anonymous"></script>

When trying to load the page that contains the integrity-checked script, I get the following error in Chrome 50 on Windows:

Failed to find a valid digest in the 'integrity' attribute for resource 'https://cesiumjs.org/releases/1.21/Build/Cesium/Cesium.js' with computed SHA-256 integrity 'vGCl/67DuYY5UzwNQGGpYh2gztA4PhvD+I4pcX7TWcU='. The resource has been blocked.

I also tried to generate the hash manually (again, on Windows, openssl-1.0.2h), using:

openssl dgst -sha384 -binary Cesium.js | openssl base64 -A

resulting in:

X5EHALkqk8r9hyCKwav7y+6BOUg2dRH90/qSxdytan2SQQB9g8jsYYWLDKzNeKx4

This hash works when loading Cesium.js with Chrome, i.e. the one provided by srihash.org is indeed incorrect.

The incorrect result is due to the combination of two factors:

  • Cesium.js from cesiumjs.org is always served with Content-Encoding: gzip, even if the request does not contain Accept-Encoding: gzip.
  • srihash.org uses xhr2 to fetch resources, which does not support gzip encoding.

It would be nice if srihash.org could either support fetching gzipped resources, or display a warning instead of an incorrect result in that case.
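The mismatch described in the issue above, as an added example that is not part of the original issue and not srihash.org's code: it hashes the decoded body, as a browser does when checking `integrity`, and refuses to produce a hash when it cannot undo the `Content-Encoding`. The function names and the sample script are constructed for illustration.

```javascript
// Added example; sriDigest / sriFromResponse are hypothetical names.
const crypto = require('node:crypto');
const zlib = require('node:zlib');

// Content-Encoding values this sketch knows how to undo.
const DECODERS = {
  identity: (buf) => buf,
  gzip: (buf) => zlib.gunzipSync(buf),
  'x-gzip': (buf) => zlib.gunzipSync(buf),
  deflate: (buf) => zlib.inflateSync(buf),
  br: (buf) => zlib.brotliDecompressSync(buf),
};

// Format a digest the way the integrity attribute expects: "<algo>-<base64>".
function sriDigest(bytes, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// headers: object with lower-cased names; rawBody: Buffer exactly as received.
function sriFromResponse(headers, rawBody, algo = 'sha384') {
  const codings = (headers['content-encoding'] || 'identity')
    .split(',').map((c) => c.trim().toLowerCase()).filter(Boolean);
  let body = rawBody;
  // Codings are listed in the order they were applied, so undo them in reverse.
  for (const coding of codings.reverse()) {
    const decode = DECODERS[coding];
    // Fail loudly instead of hashing bytes the browser will never see.
    if (!decode) throw new Error(`unsupported Content-Encoding: ${coding}`);
    body = decode(body);
  }
  return sriDigest(body, algo);
}

// Constructed sample: a small script served gzip-compressed.
const SAMPLE_JS = Buffer.from('window.Example = { version: "1.0" };\n'.repeat(20));
const SAMPLE_GZ = zlib.gzipSync(SAMPLE_JS);
const SAMPLE_HEADERS = { 'content-encoding': 'gzip' };

// Hashing the wire bytes reproduces the bug; decoding first gives the usable value.
console.log('hash of wire bytes  :', sriDigest(SAMPLE_GZ));
console.log('hash of decoded body:', sriFromResponse(SAMPLE_HEADERS, SAMPLE_GZ));
```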
