-
Notifications
You must be signed in to change notification settings - Fork 2.9k
Integrity-Policy integration #11334
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: main
Are you sure you want to change the base?
Integrity-Policy integration #11334
Conversation
|
||
<li><p>An <dfn export for="policy container" data-x="policy-container-integrity-policy">integrity | ||
policy</dfn>, which is an <span data-x="integrity policy struct">integrity policy struct</span>. | ||
</p></li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No whitespace between .
and <
@@ -2747,6 +2747,8 @@ a.setAttribute('href', 'https://example.com/'); // change the content attribute | |||
<li><dfn data-x-href="https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata">parse integrity metadata</dfn></li> | |||
<li><dfn data-x-href="https://w3c.github.io/webappsec-subresource-integrity/#the-integrity-attribute">the requirements of the integrity attribute</dfn></li> | |||
<li><dfn data-x-href="https://w3c.github.io/webappsec-subresource-integrity/#get-the-strongest-metadata">get the strongest metadata from set</dfn></li> | |||
<li><dfn data-x-href="https://w3c.github.io/webappsec-subresource-integrity/#integrity-policy-struct">integrity policy struct</dfn></li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't love including "struct" in the names.
@@ -90683,6 +90693,9 @@ dictionary <dfn dictionary>DragEventInit</dfn> : <span>MouseEventInit</span> { | |||
`<code>Referrer-Policy</code>` header</span> given <var>response</var>. | |||
<ref>REFERRERPOLICY</ref></p></li> | |||
|
|||
<li><p><span data-x="parse Integrity-Policy headers">Parse Integrity-Policy headers</span> with | |||
<var>Response</var> and <var>result</var>.</p></li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
<var>Response</var> and <var>result</var>.</p></li> | |
<var>vesponse</var> and <var>result</var>.</p></li> |
|
||
<li><p>A <dfn export for="policy container" | ||
data-x="policy-container-report-only-integrity-policy">report only integrity policy</dfn>, which | ||
is an <span data-x="integrity policy struct">integrity policy struct</span>.</p></li> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What values do these have for policy containers not created from "create a policy container from a fetch response"? E.g. the fallback case in "determine navigation params policy container", or the one created in "snapshot source snapshot params" for browser UI-initiated navigations, or the one created in "Loading a document for inline content that doesn't have a DOM", or the initial values for documents and workers?
This is a followup on w3c/webappsec-subresource-integrity#133:
integrity policy
andreport only integrity policy
on "policy container"Integrity-Policy
header for scripts WebKit/standards-positions#458 (comment)Integrity-Policy
header for scripts mozilla/standards-positions#1173 (comment)(See WHATWG Working Mode: Changes for more details.)
/browsers.html ( diff )
/infrastructure.html ( diff )