← Back to release summary

SRI: The `require-sri-for` CSP directive.

Category

Security

Type

New or changed feature

Status

In developer trial (Behind a flag) (Chrome 54)

Intent stage

None

Summary

The `require-sri-for` directive gives developers the ability to assert to the browser that every resource of a given type ought to be integrity checked. If a resource of that type is loaded without integrity metadata, it will be rejected without triggering a network request.

Standards & signals

• Specification: https://w3c.github.io/webappsec-subresource-integrity/
• Firefox: In development
• Safari: No signal
• Web developers: Positive
• Tracking bug: https://bugs.chromium.org/p/chromium/issues/detail?id=618924

View on chromestatus.com