In bug 1386214 we are planning to remove the Code for the "require-sri-for”
CSP directive.

The “require-sri-for” directive allows developers to block resource
requests that do not contain integrity metadata.

Please note that the entire code has always been behind a pref
(security.csp.experimentalEnabled) and we never shipped ‘require-sri-for’
by default.

Chrome also has flagged the feature as experimental and it seems they plan
to remove the code as well. See:

We’re planning to remove the Feature in FF 69.


Link to standard:


 -- Sebastian
dev-platform mailing list

Reply via email to