Intent to prototype and ship: Integrity-Policy

Fatih Kilic

Jul 14, 2025, 8:38:15 AM
to dev-pl...@mozilla.org

Summary: The new Integrity-Policy header is part of Subresource Integrity and a first milestone towards our goal for full web application integrity. As a first step, the header will only allow script directives. This subset is already shipping in Chrome and has already been implemented for WebKit.


Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1976656 


Specification: https://www.w3.org/TR/SRI/ 


Standards Body: W3C Web Application Security Working Group (WASWG).


Platform Coverage: All.


Preference: security.integrity_policy.enabled


DevTools Bug: Not required. Our patch will add logging to the console.


Link to standards-positions discussion: https://github.com/mozilla/standards-positions/issues/1173 


Other browsers:

  • Blink: Shipped.

  • WebKit: Implemented. Likely shipping soon; their standards-position was positive.


Web Platform Tests: Exist within the SRI test suites.


We intend to enable the security.integrity_policy.enabled pref. Integrity-Policy will be the second policy to be contained in the new policy container implementation.
