Open yoavweiss opened 2 months ago
Related to #16
CSP used to contain a require-sri-for directive, but it was removed due to concerns around SRI not covering all script types, namely dynamic imports and workers.
As we solved dynamic imports, that may be enough to revive that proposal. The upcoming PCIv4 requirements definitely mean there's a use case for it.
We still don't have a way to apply SRI to workers, but maybe we can just not apply the policy to them?
Related to #16
CSP used to contain a require-sri-for directive, but it was removed due to concerns around SRI not covering all script types, namely dynamic imports and workers.
As we solved dynamic imports, that may be enough to revive that proposal. The upcoming PCIv4 requirements definitely mean there's a use case for it.
We still don't have a way to apply SRI to workers, but maybe we can just not apply the policy to them?