



























@@ -3800,6 +3800,11 @@ Content-Type: application/reports+json
38003800 Given a <a for="/">request</a> |request|, a <a>response</a> |response|,
38013801 a <a>directive</a> |directive|, and a <a for="/">policy</a> |policy|:
380238023803+ Note: This check needs both |request| and |response| as input
3804+ parameters since if |request|'s <a for="request">cryptographic nonce metadata</a>
3805+ or <a for="request">integrity metadata</a> matches, then the script is allowed to load
3806+ and the check of whether |response|'s url matches the source list is skipped.
3807+38033808 1. If |request|'s <a for="request">destination</a> is <a for="request/destination">script-like</a>:
3804380938053810 1. Call [=potentially report hash=] with |response|, |request|, |directive| and |policy|.
@@ -3814,13 +3819,17 @@ Content-Type: application/reports+json
38143819 for="request">integrity metadata</a> and this directive's <a
38153820 for="directive">value</a> is "`Matches`", return "`Allowed`".
381638213817- 1. If |directive|'s <a for="directive">value</a> contains
3818- "<a grammar>`'strict-dynamic'`</a>":
3822+ 1. If |directive|'s <a for="directive">value</a> contains a <a>source
3823+ expression</a> that is an <a>ASCII case-insensitive</a> match for
3824+ the "<a grammar>`'strict-dynamic'`</a>" <a grammar>keyword-source</a>:
381938253820- 1. If |request|'s <a for="request">parser metadata</a> is not
3821-<a>"parser-inserted"</a>, return "`Allowed`".
3826+ 1. If the |request|'s <a for="request">parser metadata</a> is
3827+<a>"parser-inserted"</a>, return "`Blocked`".
382238283823- Otherwise, return "`Blocked`".
3829+ Otherwise, return "`Allowed`".
3830+3831+ Note: "<a grammar>`'strict-dynamic'`</a>" is explained in more detail
3832+ in [[#strict-dynamic-usage]].
3824383338253834 1. If the result of executing [[#match-response-to-source-list]] on
38263835 |response|, |request|, |directive|'s <a for="directive">value</a>,
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。