CSP: require-sri-for

The require-sri-for directive of the HTTP Content-Security-Policy header instructs the client to require Subresource Integrity (SRI) for scripts or styles on the page.

Syntax

Content-Security-Policy: require-sri-for script;
Content-Security-Policy: require-sri-for style;
Content-Security-Policy: require-sri-for script style;
script
Requires SRI for scripts.
style
Requires SRI for style sheets.
script style
Requires SRI for both scripts and style sheets.

Examples

If you configure your site to require SRI for scripts and styles with the following directive:

Content-Security-Policy: require-sri-for script style

<script> elements such as the following are loaded, because they carry a valid integrity attribute.

<script src="https://code.jquery.com/jquery-3.1.1.slim.js"
        integrity="sha256-5i/mQ300M779N2OVDrl16lbohwXNUdzL/R2aVUXyXWA="
        crossorigin="anonymous"></script>

However, scripts without an integrity attribute are no longer loaded:

<script src="https://code.jquery.com/jquery-3.1.1.slim.js"></script>
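A pre-deployment check for the behaviour described above, as an added example that is not part of the original page: it reads the require-sri-for directive from a header value and lists the external scripts and style sheets in a page that the policy would refuse to load. The function names, the sample markup and the cdn.example URL are assumptions made for this example; the check only looks for the presence of integrity metadata, while the browser is what verifies the hash at load time.

```python
import base64
import hashlib
from html.parser import HTMLParser

ALGS = ("sha256-", "sha384-", "sha512-")

def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Integrity attribute value (alg-base64digest) for a resource's bytes."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

def required_types(header_value: str) -> set:
    """Resource types named by require-sri-for in a CSP header value."""
    for directive in header_value.split(";"):
        tokens = directive.lower().split()
        if tokens and tokens[0] == "require-sri-for":
            return set(tokens[1:]) & {"script", "style"}
    return set()

class _Audit(HTMLParser):
    def __init__(self, required):
        super().__init__()
        self.required, self.blocked = required, []

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        if tag == "script" and a.get("src"):
            kind, url = "script", a["src"]
        elif tag == "link" and "stylesheet" in a.get("rel", "").lower().split():
            kind, url = "style", a.get("href", "")
        else:
            return  # inline scripts and other elements are not fetched subresources
        # Conservative choice for this example: an integrity value with no
        # sha256/sha384/sha512 token counts as missing.
        ok = any(t.startswith(ALGS) for t in a.get("integrity", "").split())
        if kind in self.required and not ok:
            self.blocked.append((kind, url))

def blocked_resources(header_value: str, html: str) -> list:
    """(type, url) pairs the policy would refuse to load from this markup."""
    audit = _Audit(required_types(header_value))
    audit.feed(html)
    return audit.blocked

# Constructed sample page: the two jQuery tags shown on this page plus a hypothetical stylesheet.
SAMPLE_HTML = """
<script src="https://code.jquery.com/jquery-3.1.1.slim.js"
        integrity="sha256-5i/mQ300M779N2OVDrl16lbohwXNUdzL/R2aVUXyXWA="
        crossorigin="anonymous"></script>
<script src="https://code.jquery.com/jquery-3.1.1.slim.js"></script>
<link rel="stylesheet" href="https://cdn.example/site.css">
"""
```

For each resource that blocked_resources reports, sri_value applied to the exact bytes being served gives the value to put in its integrity attribute.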

Specifications

Specification: Subresource Integrity (require-sri-for)
Status: Recommendation
Comment: Initial definition.

Browser compatibility

Basic support (experimental; expect behavior to change in the future)

Desktop
Chrome: Full support 54
Edge: No support
Firefox: Full support 49, disabled (see note)
Internet Explorer: No support
Opera: Full support 41
Safari: No support

Mobile
Android webview: Full support 54
Chrome for Android: Full support 54
Edge Mobile: No support
Firefox for Android: Full support 49, disabled (see note)
Opera for Android: Full support 41
iOS Safari: No support
Samsung Internet: Full support 6.0

Note (Firefox and Firefox for Android): Disabled means the user must explicitly enable this feature. From version 49, this feature is behind the security.csp.experimentalEnabled preference (needs to be set to true). To change preferences in Firefox, visit about:config.

Document tags and contributors

Contributors to this page: shevacjs
Last updated by: shevacjs