In Firefox 115 we plan to ship support for external hashes in Content-Security-Policies. This allows sites to allowlist external scripts with an integrity attribute (SRI) by adding the same hash to their CSP.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1409200 Specification: https://w3c.github.io/webappsec-csp/ Standards Body: W3C Platform Coverage: All Preference: none Other browsers: Chrome 59 and Safari (not sure which version) web-platform-tests: https://wpt.fyi/results/content-security-policy/script-src/script-src-sri_hash.sub.html (plus a test we are adding for default-src) -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CA%2BCWiYgoqGKNW18vaukfdANzkkWU5vkAmaLQ8AGMT3ABXs1yOQ%40mail.gmail.com.
