Commit 5984774c authored by Geoff Appleby's avatar Geoff Appleby

Issue #3106728: require-sri-for has been removed from SRI spec

parent c8f1e952
......@@ -104,10 +104,6 @@ csp_directive.navigate-to:
type: csp_directive_source_list
csp_directive.block-all-mixed-content:
type: boolean
csp_directive.require-sri-for:
type: sequence
sequence:
type: string
csp_directive.upgrade-insecure-requests:
type: boolean
......
......@@ -72,12 +72,14 @@ class Csp {
// Other directives.
// @see https://www.w3.org/TR/CSP/#directives-elsewhere
'block-all-mixed-content' => self::DIRECTIVE_SCHEMA_BOOLEAN,
'require-sri-for' => self::DIRECTIVE_SCHEMA_TOKEN_LIST,
'upgrade-insecure-requests' => self::DIRECTIVE_SCHEMA_BOOLEAN,
// Deprecated directives.
// Referrer isn't in the Level 1 spec, but was accepted until Chrome 56 and
// Firefox 62.
'referrer' => self::DIRECTIVE_SCHEMA_TOKEN,
// 'require-sri-for' was removed from the SRI spec.
// @see https://www.drupal.org/project/csp/issues/3106728
'require-sri-for' => self::DIRECTIVE_SCHEMA_TOKEN_LIST,
];
/**
......
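Review bot: The new comment above the relocated `'require-sri-for'` entry says the directive left the SRI spec, but not why the entry is kept or what a policy that carries it actually gets. The settings-form section on this page states that the directive was never publicly implemented, so a site that sets it receives no integrity enforcement from browsers; I would state that here, e.g. `// Kept so existing policies still validate; browsers do not enforce it, so set integrity attributes on the individual elements instead.` The "kept so existing policies still validate" reason is inferred from the entry being moved rather than deleted, so adjust it if the intent differs. The array begins above this hunk.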
......@@ -110,12 +110,19 @@ class CspSettingsForm extends ConfigFormBase {
*/
private function getConfigurableDirectives() {
// Exclude some directives
// - Reporting directives have dedicated fields elsewhere in the form.
// - 'referrer' is deprecated in favour of the Referrer-Policy header, and
// not supported in most browsers.
// - Reporting directives are handled by plugins.
// - 'referrer' was deprecated prior to CSP Level 1 and not supported in
// most browsers.
// - 'require-sri-for' was never publicly implemented, and dropped from the
// SRI spec.
$directives = array_diff(
Csp::getDirectiveNames(),
['report-uri', 'report-to', 'referrer']
[
'report-uri',
'report-to',
'referrer',
'require-sri-for',
]
);
return $directives;
......@@ -372,17 +379,6 @@ class CspSettingsForm extends ConfigFormBase {
'#default_value' => $config->get($policyTypeKey . '.directives.sandbox') ?: [],
];
$form[$policyTypeKey]['directives']['require-sri-for']['options']['keys'] = [
'#type' => 'checkboxes',
'#parents' => [$policyTypeKey, 'directives', 'require-sri-for', 'keys'],
'#options' => [
'script' => '<code>script</code>',
'style' => '<code>style</code>',
],
'#default_value' => $config->get($policyTypeKey . '.directives.require-sri-for') ?: [],
];
$form[$policyTypeKey]['reporting'] = [
'#type' => 'fieldset',
'#title' => $this->t('Reporting'),
......
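Review bot: Excluding `'require-sri-for'` in `getConfigurableDirectives()` and dropping its checkboxes leaves an administrator no way to clear a value that is already saved, and nothing visible on this page removes it from stored configuration. The schema entry is deleted in the first file section while the `Csp` directive map still accepts the name, so a site that had enabled it would presumably keep that key in its saved policy without a matching schema, and may still assume SRI is being enforced when browsers ignore the directive. An update function that unsets `directives.require-sri-for` for each policy type in the saved settings would close the gap, unless one already exists in a file not shown here. Both `getConfigurableDirectives()` and the form builder continue outside their hunks.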