You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This feature adds a new CSP directive "report-hash", which triggers a new reporting type "csp-hash-report".
It reports hashes for (same-origin or CORS enabled) scripts that are loaded in the context of the document (regardless of their "integrity" attribute), and sends reports about them.
Those reports enable developers to:
Create inventory of the scripts running on their page. (critical for PCI-DSS v4 - context.)
Have certainty that they can enable SRI or CSP hash-based enforcement without breaking their sites. For some hash-based enforcement, we'd also need to add reporting for inline scripts, evals, event handlers and javascript URLs that are not covered by the current spec PR.
The text was updated successfully, but these errors were encountered:
Request for Mozilla Position on an Emerging Web Specification
@
-mention GitHub accounts): @yoavweissOther information
This feature adds a new CSP directive "report-hash", which triggers a new reporting type "csp-hash-report".
It reports hashes for (same-origin or CORS enabled) scripts that are loaded in the context of the document (regardless of their "integrity" attribute), and sends reports about them.
Those reports enable developers to:
The text was updated successfully, but these errors were encountered: