Open demee opened 5 years ago
+1
It'd be helpful if we could list which CSP directives were introduced after the initial level 3 specification was released.
Some new directives are: `script-src-attr`, `script-src-elem`, `style-src-attr`, `style-src-elem`, `prefetch-src`, `strict-dynamic`, `unsafe-hashes` (renamed from `unsafe-hashed-attributes`, Chrome status: https://www.chromestatus.com/feature/5867082285580288).
Proposed directives: `wasm-unsafe-eval` (renamed from `wasm-eval`), `webrtc-src` and `trusted-types` (relates to: https://github.com/Fyrd/caniuse/issues/4787).
For reference, here are other issues related to individual CSP directives support:
`require-sri-for`: https://github.com/Fyrd/caniuse/issues/2674
`frame-ancestors`: https://github.com/Fyrd/caniuse/issues/2335

`wasm-unsafe-eval` is supposedly in Chrome 97. It was also implemented in WebKit in February, but I can't see a Safari release tag that applies to the commit. It may be in iOS 15.4/Mac OS X 10.15.6, which have not yet been tagged, or a later release.
Another feature worth including is external hashes, which essentially let you declare a list of allowed SRI hashes.
I think it would be nice if I could look for the individual directive and see which browser they apply to. I.e. I could search for a new Level 3 individual directive like `script-src-elem`. Thank you.