require-sri-for: 'script' #50681
Merged
require-sri-for: 'script' #50681
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
`require-sri-for` would enable documents to enforce SRI on all resources they load (of a certain type). This CL revives a previous attempt [1] at this that ended up being removed. It only adds the 'script' part of it, as this has a clear use case [2]. Intent-to-Prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/CdLp5BM2FCQ/m/t9ae0Do_AAAJ Spec PR: w3c/webappsec-subresource-integrity#129 [1] https://chromium-review.googlesource.com/c/chromium/src/+/2199260 [2] https://docs.google.com/document/d/1RcUpbpWPxXTyW0Qwczs9GCTLPD3-LcbbhL4ooBUevTM/edit?tab=t.0 Change-Id: I66acc12b073174cb33cf594b714e803e24656d27 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5877633 Reviewed-by: Antonio Sartori <[email protected]> Commit-Queue: Yoav Weiss (@Shopify) <[email protected]> Reviewed-by: Arthur Sonzogni <[email protected]> Cr-Commit-Position: refs/heads/main@{#1419883}
wpt-pr-bot
approved these changes
Feb 13, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
require-sri-forwould enable documents to enforce SRI on all resourcesthey load (of a certain type). This CL revives a previous attempt [1]
at this that ended up being removed. It only adds the 'script' part of
it, as this has a clear use case [2].
Intent-to-Prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/CdLp5BM2FCQ/m/t9ae0Do_AAAJ
Spec PR: w3c/webappsec-subresource-integrity#129
[1] https://chromium-review.googlesource.com/c/chromium/src/+/2199260
[2] https://docs.google.com/document/d/1RcUpbpWPxXTyW0Qwczs9GCTLPD3-LcbbhL4ooBUevTM/edit?tab=t.0
Change-Id: I66acc12b073174cb33cf594b714e803e24656d27
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5877633
Reviewed-by: Antonio Sartori <[email protected]>
Commit-Queue: Yoav Weiss (@Shopify) <[email protected]>
Reviewed-by: Arthur Sonzogni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1419883}