Chrome intends to implement require-sri-for by default: https://bugs.chromium.org/p/chromium/issues/detail?id=618924 We switched this off in Bug 1279420 via a pref as we were not sure about the standardisation and default We should double check that we have tests for blocking import scripts and @import CSS and anything else that might make a network request before enabling.
Status: NEW → ASSIGNED
Priority: -- → P2
Removing assign at the moment as I'm not working on this.
Assignee: jkt → nobody
You need to log in before you can comment on or make changes to this bug.