How we built it

SRI: The `require-sri-for` CSP directive.

The `require-sri-for` directive gives developers the ability to assert to the browser that every resource of a given type ought to be integrity checked. If a resource of that type is loaded without integrity metadata, it will be rejected without triggering a network request.

Specification

Editor's draft

Status in Chromium

Behind a flag (launch bug) in:

  • Chrome for desktop release 54
  • Chrome for Android release 54
  • Android WebView release 54
  • Opera release 41
  • Opera for Android release 41

Consensus & Standardization

  • In development
  • No public signals
  • No public signals
  • Positive

Owners

Last updated on 2016-07-13