Groups
Sign in
Groups
mozilla.dev.platform
Conversations
About
Send feedback
Help
info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Learn more
Intent to unship: CSP “require-sri-for” Support
125 views
Skip to first unread message
Sebastian Streich
unread,
Apr 1, 2019, 10:47:17 AM
4/1/19
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Sign in to report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to dev-pl...@lists.mozilla.org
Summary:
In bug 1386214 we are planning to remove the Code for the "require-sri-for”
CSP directive.
The “require-sri-for” directive allows developers to block resource
requests that do not contain integrity metadata.
Please note that the entire code has always been behind a pref
(security.csp.experimentalEnabled) and we never shipped ‘require-sri-for’
by default.
Chrome also has flagged the feature as experimental and it seems they plan
to remove the code as well. See:
https://bugs.chromium.org/p/chromium/issues/detail?id=618924
We’re planning to remove the Feature in FF 69.
Bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1386214
Link to standard:
https://w3c.github.io/webappsec-subresource-integrity/
Thanks
-- Sebastian
0 new messages