Summary: The new Integrity-Policy header is part of Subresource Integrity and a first milestone towards our goal for full web application integrity. As a first step, the header will only allow script directives. This subset is already shipping in Chrome and has already been implemented for WebKit.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1976656 Specification: https://www.w3.org/TR/SRI/ Standards Body: W3C Web application security working group (WASWG). Platform Coverage: All. Preference: security.integrity_policy.enabled DevTools Bug: Not required. Our patch will add logging to the console. Link to standards-positions discussion: https://github.com/mozilla/standards-positions/issues/1173 Other browsers: - Blink: Shipped. - WebKit: Implemented. Likely shipping soon, their standards-position was positive Web Platform Tests: Exist within the SRI test suites <https://searchfox.org/mozilla-central/source/testing/web-platform/meta/subresource-integrity/integrity-policy> . We intend to enable the security.integrity_policy.enabled pref. Integrity-Policy will be the second policy to be contained in the new policy container implementation <https://bugzilla.mozilla.org/show_bug.cgi?id=1968607>. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/CAN-axVYMQ%3DuadQC%3DdmdS%3DfL7z5YfPBwztgOB7C8ac_Q%2BG4moXg%40mail.gmail.com.
