CSP external hashes will be a huge win for orgs already using SRI. https://www.w3.org/TR/CSP3/#external-hash … make this happen!!!
On its own maybe not much. It would facilitate adding a way for a subresource server to opt into CORS-only for its responses.
This may be preferable to extending frame-ancestors to <img> and <script>. Maybe even completely subsume frame-ancestors.