You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm requesting a TAG review of CSP hash reporting.
Complex web applications often need to keep tabs of the subresources that they download, for security purposes.
In particular, upcoming industry standards and best practices (e.g. PCI-DSS v4 - context) require that web applications keep an inventory of all the scripts they download and execute.
This feature is a new CSP keyword, that would enable web developers to create and maintain such inventories in a secure manner.
Relevant time constraints or deadlines: As the relevant security standards go into effect in March 2025, I'd like to ship this in the next month or so.
The group where the work on this specification is currently being done: WebAppSec
The group where standardization of this work is intended to be done (if different from the current group):
Major unresolved issues with or opposition to this specification:
This work is being funded by: Shopify
You should also know that this work is critical for PCI-DSS v4 - context.
The text was updated successfully, but these errors were encountered:
こんにちは TAG-さん!
I'm requesting a TAG review of CSP hash reporting.
Complex web applications often need to keep tabs of the subresources that they download, for security purposes.
In particular, upcoming industry standards and best practices (e.g. PCI-DSS v4 - context) require that web applications keep an inventory of all the scripts they download and execute.
This feature is a new CSP keyword, that would enable web developers to create and maintain such inventories in a secure manner.
Further details:
You should also know that this work is critical for PCI-DSS v4 - context.
The text was updated successfully, but these errors were encountered: