


























@@ -696,7 +696,7 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
696696 / "<dfn>'report-sample'</dfn>" / "<dfn>'unsafe-allow-redirects'</dfn>"
697697 / "<dfn>'wasm-unsafe-eval'</dfn>" / "<dfn>'trusted-types-eval'</dfn>"
698698 / "<dfn>'report-sha256'</dfn>" / "<dfn>'report-sha384'</dfn>"
699- / "<dfn>'report-sha512'</dfn>"
699+ / "<dfn>'report-sha512'</dfn>" / "<dfn>'unsafe-webtransport-hashes'</dfn>"
700700701701 ISSUE: Bikeshed `unsafe-allow-redirects`.
702702@@ -2215,14 +2215,26 @@ Content-Type: application/reports+json
22152215 1. Let |name| be the result of executing
22162216[[#effective-directive-for-a-request]] on |request|.
221722172218-2. If the result of executing [[#should-directive-execute]] on |name|,
2218+1. If the result of executing [[#should-directive-execute]] on |name|,
22192219 `connect-src` and |policy| is "`No`", return "`Allowed`".
222022202221- 3. If the result of executing [[#match-request-to-source-list]] on
2222- |request|, this directive's <a for="directive">value</a>, and
2223- |policy|, is "`Does Not Match`", return "`Blocked`".
2221+ 1. Let |source list| be directive's <a for="directive">value</a>.
222422222225- 4. Return "`Allowed`".
2223+ 1. If |request|'s [=request/mode=] is "`webtransport`" and |request|'s
2224+<a for="request">WebTransport-hash list</a> [=list/is not empty=]:
2225+2226+ 1. If |source list| [=list/contains=] a <a>source expression</a>
2227+ which is an <a>ASCII case-insensitive</a> match for the
2228+<a grammar>`keyword-source`</a>
2229+ "<a grammar>`'unsafe-webtransport-hashes'`</a>", return "`Allowed`".
2230+2231+ 1. Return "`Blocked`".
2232+2233+ 1. If the result of executing [[#match-request-to-source-list]] on
2234+ |request|, |source list|, and |policy|, is "`Matches`", return
2235+ "`Allowed`".
2236+2237+ 1. Return "`Blocked`".
2226223822272239<h5 algorithm id="connect-src-post-request">
22282240 `connect-src` Post-request check
@@ -2236,14 +2248,26 @@ Content-Type: application/reports+json
22362248 1. Let |name| be the result of executing
22372249[[#effective-directive-for-a-request]] on |request|.
223822502239-2. If the result of executing [[#should-directive-execute]] on |name|,
2251+1. If the result of executing [[#should-directive-execute]] on |name|,
22402252 `connect-src` and |policy| is "`No`", return "`Allowed`".
224122532242- 3. If the result of executing [[#match-response-to-source-list]] on
2243- |response|, |request|, this directive's <a for="directive">value</a>,
2244- and |policy|, is "`Does Not Match`", return "`Blocked`".
2254+ 1. Let |source list| be directive's <a for="directive">value</a>.
224522552246- 4. Return "`Allowed`".
2256+ 1. If |request|'s [=request/mode=] is "`webtransport`" and |request|'s
2257+<a for="request">WebTransport-hash list</a> [=list/is not empty=]:
2258+2259+ 1. If |source list| [=list/contains=] a <a>source expression</a>
2260+ which is an <a>ASCII case-insensitive</a> match for the
2261+<a grammar>`keyword-source`</a>
2262+ "<a grammar>`'unsafe-webtransport-hashes'`</a>", return "`Allowed`".
2263+2264+ 1. Return "`Blocked`".
2265+2266+ 1. If the result of executing [[#match-response-to-source-list]] on
2267+ |response|, |request|, |source list|, and |policy|, is "`Matches`",
2268+ return "`Allowed`".
2269+2270+ 1. Return "`Blocked`".
2247227122482272<h4 id="directive-default-src">`default-src`</h4>
22492273此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。