Ship subresource integrity enabled by default

RESOLVED FIXED in Firefox 43

Status

()

Core
DOM: Security
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: francois, Assigned: francois)

Tracking

({dev-doc-complete})

unspecified
mozilla43
dev-doc-complete
Points:
---

Firefox Tracking Flags

(firefox43 fixed, relnote-firefox 43+)

Details

(URL)

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
Intent to ship: https://groups.google.com/d/msg/mozilla.dev.platform/3_d1JIxsIJc/IObUw7zOMQAJ
(Assignee)

Updated

2 years ago
(Assignee)

Comment 1

2 years ago
Created attachment 8662097 [details]
MozReview Request: Bug 1205448 - Ship subresource integrity enabled by default. r=ckerschb

Bug 1205448 - Ship subresource integrity enabled by default. r?ckerschb
Attachment #8662097 - Flags: review?(mozilla)
Attachment #8662097 - Flags: review?(mozilla) → review+
Comment on attachment 8662097 [details]
MozReview Request: Bug 1205448 - Ship subresource integrity enabled by default. r=ckerschb

https://reviewboard.mozilla.org/r/19499/#review17475

::: modules/libpref/init/all.js:1967
(Diff revision 1)
> -pref("security.sri.enable", false);
> +pref("security.sri.enable", true);

Hurray - looks good to me!
(Assignee)

Comment 3

2 years ago
Release Note Request (optional, but appreciated)
[Why is this notable]: New web platform feature for developers
[Suggested wording]: Support for subresource integrity
[Links (documentation, blog post, etc)]: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

Note: this has not yet landed, but it should land today or tomorrow.
relnote-firefox: --- → ?
(Assignee)

Comment 4

2 years ago
Comment on attachment 8662097 [details]
MozReview Request: Bug 1205448 - Ship subresource integrity enabled by default. r=ckerschb

Bug 1205448 - Ship subresource integrity enabled by default. r=ckerschb
Attachment #8662097 - Attachment description: MozReview Request: Bug 1205448 - Ship subresource integrity enabled by default. r?ckerschb → MozReview Request: Bug 1205448 - Ship subresource integrity enabled by default. r=ckerschb
https://reviewboard.mozilla.org/r/19499/#review17627

::: testing/web-platform/meta/subresource-integrity/subresource-integrity.html.ini:2
(Diff revision 2)
>    type: testharness

sweet - fixing web platform tests!

Comment 6

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/5ff4c724c6b7
https://hg.mozilla.org/mozilla-central/rev/5ff4c724c6b7
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox43: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla43
Added to release notes with this wording and the link to MDN: 
Subresource integrity allows developers to make their sites more secure
relnote-firefox: ? → 43+
Keywords: dev-doc-needed
(Assignee)

Comment 9

2 years ago
Jean-Yves: there's https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity on MDN and I filed bug 1206220 with some comments.
Yep, it will be to update the compat data on this page when it is enabled by default.
I double checked the release version indicated in the different doc pages and it is the correct one :-)
Keywords: dev-doc-needed → dev-doc-complete
I noted this a while back for 43, but also now have a note for bug 992096. Are these really the same thing?
Flags: needinfo?(francois)
(Assignee)

Comment 13

2 years ago
> I noted this a while back for 43, but also now have a note for bug 992096. Are these really the same thing?

Yes, they're the same thing. bug 992096 was to implement it pref'ed OFF and this bug was to pref it ON by default. Both landed in 43.
Flags: needinfo?(francois)
You need to log in before you can comment on or make changes to this bug.