Skip to content

Allow public-key signatures in CSP allowed script sources #436

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ekobrin opened this issue Jul 23, 2015 · 2 comments
Open

Allow public-key signatures in CSP allowed script sources #436

ekobrin opened this issue Jul 23, 2015 · 2 comments
Labels
CSP
Milestone
CSP 3

Comments

@ekobrin
Copy link

ekobrin commented Jul 23, 2015

Rather than requiring a hash to be added to script-src for each script to be checked, can we add support for ed25519 public-key signatures? This way a public key could appear in script-src and a signature could accompany each script tag. This reduces the complexity of dynamically assembling pages and reduces the size of the script-src element.
@mikewest mikewest added the CSP label Aug 12, 2015
@mikewest mikewest added this to the CSP 3 milestone Aug 12, 2015
@mikewest mikewest added the SRI label Aug 12, 2015
@mikewest
Copy link
Member

Let's look into something like this for CSP3. Might also be interesting for the SRI folks.

@fmarier
Copy link
Member

fmarier commented Aug 12, 2015

Also see #449 for SRI.

@fmarier fmarier removed the SRI label Aug 12, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
CSP
Projects
None yet
Milestone
CSP 3
Development

No branches or pull requests
3 participants
@mikewest @fmarier @ekobrin