Add features for signature-based SRI (#29112)

ddbeck · Elchi3 · web-flow · commit 60c32af13d83 · 2026-02-27T10:31:08.000+01:00
* Add features for signature-based integrity * Fix key name from @Elchi3 Co-authored-by: Florian Scholz <fs@florianscholz.com> * Update Unencoded-Digest spec URL from @Elchi3 Co-authored-by: Florian Scholz <fs@florianscholz.com> * Per linter: No arrays for single spec_urls * Drop "-03" in URL --------- Co-authored-by: Florian Scholz <fs@florianscholz.com>
diff --git a/html/elements/script.json b/html/elements/script.json
@@ -314,6 +314,38 @@
               "standard_track": true,
               "deprecated": false
             }
+          },
+          "ed25519_public_key": {
+            "__compat": {
+              "description": "Signature-based integrity (Ed25519 public key values)",
+              "spec_url": "https://wicg.github.io/signature-based-sri/#monkey-patch-csp",
+              "support": {
+                "chrome": {
+                  "version_added": "141"
+                },
+                "chrome_android": "mirror",
+                "edge": "mirror",
+                "firefox": {
+                  "version_added": false
+                },
+                "firefox_android": "mirror",
+                "oculus": "mirror",
+                "opera": "mirror",
+                "opera_android": "mirror",
+                "safari": {
+                  "version_added": false
+                },
+                "safari_ios": "mirror",
+                "samsunginternet_android": "mirror",
+                "webview_android": "mirror",
+                "webview_ios": "mirror"
+              },
+              "status": {
+                "experimental": true,
+                "standard_track": true,
+                "deprecated": false
+              }
+            }
           }
         },
         "nomodule": {
diff --git a/http/headers/Signature-Input.json b/http/headers/Signature-Input.json
@@ -0,0 +1,40 @@
+{
+  "http": {
+    "headers": {
+      "Signature-Input": {
+        "__compat": {
+          "spec_url": [
+            "https://datatracker.ietf.org/doc/html/rfc9421#name-the-signature-input-http-fi",
+            "https://wicg.github.io/signature-based-sri/#signature-enforcement"
+          ],
+          "support": {
+            "chrome": {
+              "version_added": "141"
+            },
+            "chrome_android": "mirror",
+            "edge": "mirror",
+            "firefox": {
+              "version_added": false
+            },
+            "firefox_android": "mirror",
+            "oculus": "mirror",
+            "opera": "mirror",
+            "opera_android": "mirror",
+            "safari": {
+              "version_added": false
+            },
+            "safari_ios": "mirror",
+            "samsunginternet_android": "mirror",
+            "webview_android": "mirror",
+            "webview_ios": "mirror"
+          },
+          "status": {
+            "experimental": true,
+            "standard_track": true,
+            "deprecated": false
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/http/headers/Signature.json b/http/headers/Signature.json
@@ -0,0 +1,40 @@
+{
+  "http": {
+    "headers": {
+      "Signature": {
+        "__compat": {
+          "spec_url": [
+            "https://datatracker.ietf.org/doc/html/rfc9421#section-4.2",
+            "https://wicg.github.io/signature-based-sri/#signature-enforcement"
+          ],
+          "support": {
+            "chrome": {
+              "version_added": "141"
+            },
+            "chrome_android": "mirror",
+            "edge": "mirror",
+            "firefox": {
+              "version_added": false
+            },
+            "firefox_android": "mirror",
+            "oculus": "mirror",
+            "opera": "mirror",
+            "opera_android": "mirror",
+            "safari": {
+              "version_added": false
+            },
+            "safari_ios": "mirror",
+            "samsunginternet_android": "mirror",
+            "webview_android": "mirror",
+            "webview_ios": "mirror"
+          },
+          "status": {
+            "experimental": true,
+            "standard_track": true,
+            "deprecated": false
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/http/headers/Unencoded-Digest.json b/http/headers/Unencoded-Digest.json
@@ -0,0 +1,40 @@
+{
+  "http": {
+    "headers": {
+      "Unencoded-Digest": {
+        "__compat": {
+          "spec_url": [
+            "https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-unencoded-digest#name-the-unencoded-digest-field",
+            "https://wicg.github.io/signature-based-sri/#unencoded-digest-validation-for-sri"
+          ],
+          "support": {
+            "chrome": {
+              "version_added": "141"
+            },
+            "chrome_android": "mirror",
+            "edge": "mirror",
+            "firefox": {
+              "version_added": false
+            },
+            "firefox_android": "mirror",
+            "oculus": "mirror",
+            "opera": "mirror",
+            "opera_android": "mirror",
+            "safari": {
+              "version_added": false
+            },
+            "safari_ios": "mirror",
+            "samsunginternet_android": "mirror",
+            "webview_android": "mirror",
+            "webview_ios": "mirror"
+          },
+          "status": {
+            "experimental": true,
+            "standard_track": true,
+            "deprecated": false
+          }
+        }
+      }
+    }
+  }
+}
