meacer

Results 4 issues of meacer

### What is the issue with the Fetch Standard?

In Main Fetch, HSTS upgrade step (4.1.10) runs after referrer determination steps. As a result of this, a request upgraded via...

These URLs are all hanging without a response:

- https://rome.ct.filippo.io/2024h1/ct/v1/get-roots
- https://rome.ct.filippo.io/2024h2/ct/v1/get-roots
- https://rome.ct.filippo.io/2025h1/ct/v1/get-roots

## Introduction

Currently it's not easy for sites to deploy a reasonably secure Content Security Policy for scripts. Hostname based allowlists can be [unsafe](https://research.google/pubs/csp-is-dead-long-live-csp-on-the-insecurity-of-whitelists-and-the-future-of-content-security-policy/) and a strict CSP using hashes...

### WebKittens

@annevk

### Title of the proposal

Extend CSP script-src hashes

### URL to the spec

https://www.w3.org/TR/CSP3/

### URL to the spec's repository

https://github.com/w3c/webappsec-csp/compare/main...carlosjoan91:webappsec-csp:main

### Issue Tracker URL

_No...

topic: security
venue: W3C Web Application Security WG
from: Google