SRI: The `require-sri-for` CSP directive.

The `require-sri-for` directive gives developers the ability to assert to the browser that every resource of a given type ought to be integrity checked. If a resource of that type is loaded without integrity metadata, it will be rejected without triggering a network request.

Specification

Editor's draft

Status in Chromium

Blink components: Blink

Behind a flag (tracking bug) in:

• Chrome for desktop release 54
• Chrome for Android release 54
• Android WebView release 54
• Opera release 41
• Opera for Android release 41

Consensus & Standardization

• Firefox: In development
• Edge: No public signals
• Safari: No public signals
• Web Developers: Positive

Owners

• shekyan@gmail.com
• jww@chromium.org

Last updated on 2017-06-14