Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add an SRI control as either a CSP directive or a new header #23

Closed
metromoxie opened this issue Dec 22, 2015 · 4 comments
Closed

Add an SRI control as either a CSP directive or a new header #23

metromoxie opened this issue Dec 22, 2015 · 4 comments
Labels

Comments

@metromoxie
Copy link
Contributor

@metromoxie metromoxie commented Dec 22, 2015

Per the suggestion in https://lists.w3.org/Archives/Public/public-webappsec/2015Dec/0045.html, it might make sense to extend CSP with a directive to control SRI. For example, we could have an sri-options directive that can take options like scripts-require-sri. This would also be a good place to eventually have a report-only option for SRI.

@jonathanKingston

This comment has been minimized.

Copy link
Contributor

@jonathanKingston jonathanKingston commented Dec 23, 2015

See also previous discussions: w3c/webappsec#16 (comment)

@mozfreddyb

This comment has been minimized.

Copy link
Contributor

@mozfreddyb mozfreddyb commented Jan 4, 2016

How is this tied to CSP? I'm wondering if the Integrity Policy should come in its own header.

@metromoxie

This comment has been minimized.

Copy link
Contributor Author

@metromoxie metromoxie commented Jan 4, 2016

In fact, the rest of that thread eventually makes the point that it may make sense to put it in its own header :-) There isn't consensus, about whether it should be a CSP directive or a separate header, so I'll rename this issue appropriately.

@metromoxie metromoxie changed the title Add a CSP SRI directive Add an SRI control as either a CSP directive or a new header Jan 4, 2016
@mozfreddyb

This comment has been minimized.

Copy link
Contributor

@mozfreddyb mozfreddyb commented Jul 2, 2019

We tried with require-sri-for (and removed it again). Closing.

@mozfreddyb mozfreddyb closed this Jul 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.