Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert `require-sri-for` #82

Merged
merged 3 commits into from Jul 2, 2019
Merged

Revert `require-sri-for` #82

merged 3 commits into from Jul 2, 2019

Conversation

@mozfreddyb
Copy link
Contributor

mozfreddyb commented Jul 2, 2019

I really liked the feature. 馃槩

However, we ended up unshipping in Gecko and IIRC @mikewest considered removing from Blink, so I'm making an attempt at removing require-sri-for.


Preview | Diff

@devd

This comment has been minimized.

Copy link
Contributor

devd commented Jul 2, 2019

hmm this makes me sad too. We use it at Dropbox a lot too. Can you say more whats the reason its causing so much pain?

@devd devd merged commit 4716b72 into w3c:master Jul 2, 2019
2 checks passed
2 checks passed
Travis CI - Pull Request Build Passed
Details
ipr PR deemed acceptable.
Details
@devd

This comment has been minimized.

Copy link
Contributor

devd commented Jul 2, 2019

welp .. just saw your other messages on how this ship's already sailed.

@MaceWindu

This comment has been minimized.

Copy link

MaceWindu commented Jul 3, 2019

Can you post some references why it was done to better understand reasons of this removal for outsiders?

@mozfreddyb

This comment has been minimized.

Copy link
Contributor Author

mozfreddyb commented Jul 3, 2019

Thank you for asking. I should have made the pointer earlier.

Please see this thread on the webappsec working group mailing list for more information. The mailing list is public and open for further commentary, so let's move all discussion there.

vincentbernat added a commit to vincentbernat/vincent.bernat.ch that referenced this pull request Jul 5, 2019
It is being removed from Firefox and planned to be removed from
Chromium. It seems the main reason is that it doesn't cover all
scripts/styles and therefore provide a false sense of security and may
break in the future.

See <w3c/webappsec-subresource-integrity#82>.
sideshowbarker added a commit to w3c/browser-compat-data that referenced this pull request Dec 25, 2019
In w3c/webappsec-subresource-integrity#82, the
require-sri-for feature was dropped from the spec. So this change
updates its BCD status to "standard_track": false, "deprecated": true
sideshowbarker added a commit to w3c/webappsec-csp that referenced this pull request Dec 25, 2019
w3c/webappsec-subresource-integrity#82 removed `require-sri-for` from the SRI spec.
vinyldarkscratch added a commit to mdn/browser-compat-data that referenced this pull request Dec 25, 2019
In w3c/webappsec-subresource-integrity#82, the
require-sri-for feature was dropped from the spec. So this change
updates its BCD status to "standard_track": false, "deprecated": true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can鈥檛 perform that action at this time.