diff options
Diffstat (limited to 'files/zh-cn/web/http/headers/content-security-policy/require-sri-for/index.html')
| -rw-r--r-- | files/zh-cn/web/http/headers/content-security-policy/require-sri-for/index.html | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/files/zh-cn/web/http/headers/content-security-policy/require-sri-for/index.html b/files/zh-cn/web/http/headers/content-security-policy/require-sri-for/index.html new file mode 100644 index 0000000000..0c79f8e21b --- /dev/null +++ b/files/zh-cn/web/http/headers/content-security-policy/require-sri-for/index.html @@ -0,0 +1,70 @@ +--- +title: 'CSP: require-sri-for' +slug: Web/HTTP/Headers/Content-Security-Policy/require-sri-for +translation_of: Web/HTTP/Headers/Content-Security-Policy/require-sri-for +--- +<div>{{HTTPSidebar}}</div> + +<p>HTTP协议 {{HTTPHeader("Content-Security-Policy")}}头部的require-sri-for指令指示客户端在页面上对脚本或样式使用子资源完整性策略。</p> + +<h2 id="Syntax">Syntax</h2> + +<pre class="syntaxbox">Content-Security-Policy: require-sri-for script; +Content-Security-Policy: require-sri-for style; +Content-Security-Policy: require-sri-for script style; +</pre> + +<dl> + <dt><code>script</code></dt> + <dd>要求脚本符合{{Glossary("SRI")}}。</dd> + <dt><code>style</code></dt> + <dd>要求样式资源满足 {{Glossary("SRI")}}。</dd> + <dt><code>script style</code></dt> + <dd>要求脚本和样式资源都满足{{Glossary("SRI")}}。</dd> +</dl> + +<h2 id="Examples">Examples</h2> + +<p>如果你通过如下指令将站点设置为要求脚本和资源满足SRI策略: </p> + +<pre>Content-Security-Policy: require-sri-for script style</pre> + +<p>{{HTMLElement("script")}} 元素会被加载,因为它们拥有有效的完整性属性。</p> + +<pre class="brush: html; example-good"><script src="https://code.jquery.com/jquery-3.1.1.slim.js" + integrity="sha256-5i/mQ300M779N2OVDrl16lbohwXNUdzL/R2aVUXyXWA=" + crossorigin="anonymous"></script></pre> + +<p>但是,没有完整性属性的脚本将不会再加载:</p> + +<pre class="brush: html; example-bad"><script src="https://code.jquery.com/jquery-3.1.1.slim.js"></script></pre> + +<h2 id="Specifications">Specifications</h2> + +<table class="standard-table"> + <tbody> + <tr> + <th scope="col">Specification</th> + <th scope="col">Status</th> + <th scope="col">Comment</th> + </tr> + <tr> + <td>{{specName("Subresource Integrity", "#opt-in-require-sri-for", "require-sri-for")}}</td> + <td>{{Spec2('Subresource Integrity')}}</td> + <td>Initial definition.</td> + </tr> + </tbody> +</table> + +<h2 id="Browser_compatibility">Browser compatibility</h2> + +<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p> + +<p>{{Compat("http.headers.csp.require-sri-for")}}</p> + +<h2 id="See_also">See also</h2> + +<ul> + <li>{{HTTPHeader("Content-Security-Policy")}}</li> + <li><a href="/en-US/docs/Web/Security/Subresource_Integrity">Subresource Integrity</a></li> +</ul> |