
Intent to unship: CSP “require-sri-for” Support

Sebastian Streich

Apr 1, 2019, 10:47:17 AM
to dev-pl...@lists.mozilla.org
Summary:

In bug 1386214 we are planning to remove the code for the “require-sri-for”
CSP directive.

The “require-sri-for” directive allows developers to block resource
requests that do not contain integrity metadata.

Please note that the entire code has always been behind a pref
(security.csp.experimentalEnabled) and we never shipped ‘require-sri-for’
by default.

Chrome also has flagged the feature as experimental and it seems they plan
to remove the code as well. See:
https://bugs.chromium.org/p/chromium/issues/detail?id=618924

We’re planning to remove the feature in FF 69.


Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1386214

Link to standard: https://w3c.github.io/webappsec-subresource-integrity/



Thanks

-- Sebastian
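
An added example (not part of the original message and not Firefox or Chrome code): a build-time audit in Python that reports the fetches the directive described above would have blocked, that is, external scripts and stylesheets without well-formed integrity metadata. The `script`/`style` tokens mirror the directive's values; the function names, the `cdn.example` URLs and the sample markup are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser

# SRI hash algorithms with their digest sizes in bytes, and the token grammar.
DIGEST_LEN = {"sha256": 32, "sha384": 48, "sha512": 64}
TOKEN = re.compile(r"^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$")

def has_valid_integrity(value):
    # True if any whitespace-separated token is well-formed SRI metadata.
    for token in (value or "").split():
        m = TOKEN.match(token)
        if not m:
            continue
        try:
            digest = base64.b64decode(m.group(2), validate=True)
        except ValueError:  # malformed base64 padding
            continue
        if len(digest) == DIGEST_LEN[m.group(1)]:
            return True
    return False

class SriAudit(HTMLParser):
    def __init__(self, require):
        super().__init__()
        self.require, self.violations = set(require), []

    def handle_starttag(self, tag, attrs):
        a, url = dict(attrs), None
        rel = (a.get("rel") or "").lower().split()
        if tag == "script" and "script" in self.require:
            url = a.get("src")  # inline scripts cause no fetch and are skipped
        elif tag == "link" and "style" in self.require and "stylesheet" in rel:
            url = a.get("href")
        if url and not has_valid_integrity(a.get("integrity")):
            self.violations.append((self.getpos()[0], tag, url))

def audit(html, require=("script", "style")):
    """Return (line, tag, url) for each fetch lacking valid integrity metadata."""
    parser = SriAudit(require)
    parser.feed(html)
    parser.close()
    return parser.violations

# Constructed sample page; 64 "A"s decode to 48 zero bytes, a well-formed sha384 value.
SAMPLE = f"""<script src="https://cdn.example/app.js" integrity="sha384-{'A' * 64}"></script>
<script src="https://cdn.example/analytics.js"></script>
<link rel="stylesheet" href="https://cdn.example/site.css" integrity="sha384-AAAA">
<script>console.log("inline")</script>
"""
```

The audit checks only that the metadata is well-formed; whether the digest matches the fetched resource is still verified by the browser at load time.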