Speculation rules: Content Security Policy extension

Category: Security
Type: No developer-visible change
Status: Enabled by default (Chrome 110)
Intent stage: Prepare to ship

Summary

Speculation rules are inlined in script tags, but their use will be restricted by Content Security Policy as unsafe inline scripts even if the speculation rules are safe. So, we extend the Content Security Policy to have a new source keyword, ‘inline-speculation-rules’, for inline uses of speculation rules. With this new keyword, we can permit inline speculation rules without permitting inline scripts.

Standards & signals

Specification: https://wicg.github.io/nav-speculation/speculation-rules.html
Firefox: Neutral
Safari: No signal
Web developers: Positive — We heard positive feedback from partners as there was no handy approach to permit speculation rules without allowing unsafe inline scripts.

View on chromestatus.com