Contact emails
she...@gmail.com, j...@chromium.org
Summary
The `require-sri-for` directive gives developers the ability to assert to the browser that every resource of a given type ought to be integrity checked. If a resource of that type is loaded without integrity metadata, it will be rejected without triggering a network request.
Motivation
Ongoing technical constraints
Currently, if directive is present, integrity metadata presence is enforced even on resources that do not support SRI, like preload, workers, with having in mind the idea that SRI coverage will increase with time.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Yes.
OWP launch tracking bug
Requesting approval to ship?
Thanks,
Sergey Shekyan