Open Bug 1627263 Opened 1 year ago Updated 1 year ago

[rel=preload] Propagate "nonce" attribute from <link preload> to loaders


(Core :: DOM: Core & HTML, enhancement, P3)





(Reporter: mayhemer, Unassigned)


(Blocks 1 open bug)


No description provided.

The current state for CSS is: for a speculative load (which is also a link preload), we don't set 'nonce' for the CSP initial check and hence we don't even start that load. This will rule out link preload. Adding the nonce handling is an optimization. The current state doesn't impose any security issue.

The current state for script: we also add nonce only for non-speculative loads.

This bug turns to be an optimization only, but as rel=preload is, as a whole, a performance feature, this should be done as part of M3.

You need to log in before you can comment on or make changes to this bug.