Summary: In bug 1386214 we are planning to remove the Code for the "require-sri-for” CSP directive.
The “require-sri-for” directive allows developers to block resource requests that do not contain integrity metadata. Please note that the entire code has always been behind a pref (security.csp.experimentalEnabled) and we never shipped ‘require-sri-for’ by default. Chrome also has flagged the feature as experimental and it seems they plan to remove the code as well. See: https://bugs.chromium.org/p/chromium/issues/detail?id=618924 We’re planning to remove the Feature in FF 69. Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1386214 Link to standard: https://w3c.github.io/webappsec-subresource-integrity/ Thanks -- Sebastian _______________________________________________ dev-platform mailing list firstname.lastname@example.org https://lists.mozilla.org/listinfo/dev-platform