nlf / blankie

a hapi CSP plugin

add 'require-sri-for' directive #9

Closed autarc closed 8 years ago

autarc commented 8 years ago

Enables options for the new "require-sri-for" directive. Although it's currently only available in FF nightly, it will probably soon find its way into Chrome & Edge.

nlf commented 8 years ago

browsers that don't support it just ignore it, right? i want to make sure we're not slipping in a header that will cause people problems in browsers that don't support it

nlf commented 8 years ago

also let's go ahead and rename it requireSriFor so it fits the pattern of camel casing the directives for the option names

autarc commented 8 years ago

Yeah, CSP headers in browsers work progressively, so new directives which are not supported yet will just be ignored. Moreover, since it's not defined with a default value, creators have to decide explicitly if it should be enabled.

Renamed the option like you suggested: requireSri -> requireSriFor.

nlf commented 8 years ago

perfect. thanks!
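
The two points settled in this thread, opt-in emission of `require-sri-for` under the camel-cased option name and unsupported directives being skipped by the browser, shown as an added example that is not part of the pull request or blankie's own code. The function names `toDirective`, `buildCsp` and `enforcedDirectives` are hypothetical, and the option values are constructed.

```javascript
'use strict';

// Map a camelCased option name to its CSP directive name,
// e.g. requireSriFor -> require-sri-for. (Hypothetical helper.)
function toDirective(optionName) {
  return optionName.replace(/[A-Z]/g, (c) => '-' + c.toLowerCase());
}

// Build the header value. Only options the caller set explicitly are
// emitted: there is no default for requireSriFor, so the directive never
// appears unless it was asked for.
function buildCsp(options) {
  return Object.keys(options)
    .filter((name) => options[name] !== undefined && options[name] !== null)
    .map((name) => [toDirective(name)].concat(options[name]).join(' '))
    .join('; ');
}

// Model of a user agent that enforces only the directives it knows and
// skips the rest, the progressive behaviour described in the thread.
function enforcedDirectives(headerValue, supported) {
  const enforced = Object.create(null);
  for (const part of headerValue.split(';')) {
    const [rawName, ...values] = part.trim().split(/\s+/);
    const name = (rawName || '').toLowerCase();
    // Unknown directives are ignored; a repeated directive keeps its first value.
    if (name && supported.has(name) && !(name in enforced)) {
      enforced[name] = values;
    }
  }
  return enforced;
}

// Constructed sample options, not taken from the project.
const SAMPLE_OPTIONS = {
  defaultSrc: ["'self'"],
  requireSriFor: ['script', 'style']
};

const header = buildCsp(SAMPLE_OPTIONS);
console.log(header);

// A browser without require-sri-for support still enforces default-src.
console.log(enforcedDirectives(header, new Set(['default-src'])));

// A browser with support enforces both directives.
console.log(enforcedDirectives(header, new Set(['default-src', 'require-sri-for'])));
```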