Intent to prototype and ship: CSP support for external hashes (SRI)
91 views
Skip to first unread message
Tom Schuster
Jun 9, 2023, 4:07:27 AM6/9/23
to dev-pl...@mozilla.org
In Firefox 115 we plan to ship support for external hashes in
Content-Security-Policies. This allows sites to allowlist external
scripts with an integrity attribute (SRI) by adding the same hash to
their CSP.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1409200
Specification: https://w3c.github.io/webappsec-csp/
Standards Body: W3C
Platform Coverage: All
Preference: none
Other browsers: Chrome 59 and Safari (not sure which version)
web-platform-tests:
https://wpt.fyi/results/content-security-policy/script-src/script-src-sri_hash.sub.html
(plus a test we are adding for default-src)
Content-Security-Policies. This allows sites to allowlist external
scripts with an integrity attribute (SRI) by adding the same hash to
their CSP.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1409200
Specification: https://w3c.github.io/webappsec-csp/
Standards Body: W3C
Platform Coverage: All
Preference: none
Other browsers: Chrome 59 and Safari (not sure which version)
web-platform-tests:
https://wpt.fyi/results/content-security-policy/script-src/script-src-sri_hash.sub.html
(plus a test we are adding for default-src)
Tom Schuster
Jun 9, 2023, 7:15:39 AM6/9/23
to dev-pl...@mozilla.org
We are of course targeting the current Nightly, which is 116 and not
115. Sorry for the confusion.
115. Sorry for the confusion.
Reply all
Reply to author
Forward
0 new messages