w3c · ScottHelme · Apr 24, 2023
diff --git a/index.bs b/index.bs
@@ -480,7 +480,7 @@ spec: SHA2; urlPrefix: http://csrc.nist.gov/publications/fips/fips180-4/fips-180
   ## Handling integrity violations ## {#handling-integrity-violations}
 
   The user agent will refuse to render or execute responses that fail an integrity
-  check, instead returning a network error as defined in Fetch [[!Fetch]].
+  check, instead returning a network error as defined in Fetch [[!Fetch]], and may send an <a>sri report</a>.
 
   Note: On a failed integrity check, an `error` event is fired. Developers
   wishing to provide a canonical fallback resource (e.g., a resource not served
@@ -565,6 +565,30 @@ spec: SHA2; urlPrefix: http://csrc.nist.gov/publications/fips/fips180-4/fips-180
 
   <!-- ####################################################################### -->
 
+  # SRI Reports # {#sri-report}
+
+  <dfn>SRI Reports</dfn> indicate that the user agent refused to render or execute a response that failed an integrity check.
+
+  <a>SRI Reports</a> are a type of [=report=] and have the <a>report type</a> "sri".
+
+  <pre class="idl">
+    [Exposed=(Window,Worker)]
+    interface SriReportBody : ReportBody {
+      [Default] object toJSON();
+      readonly attribute USVString blockedURL;
+      readonly attribute DOMString? integrityAttribute;
+    };
+  </pre>
+
+  :  {{blockedURL}}
+  :: The URL of the resource that failed the integrity check.
+  :  {{integrityAttribute}}
+  :: The integrity attribute of the element.
+
+  <a>SRI Reports</a>, if sent, must be sent to a <a lt="endpoint">reporting endpoint</a> with a name of <code>sri</code> and must only be sent as the result of a failed integrity check and not any other error to ensure that no privacy or security risk is introduced.
+
+  <!-- ####################################################################### -->
+
   # Acknowledgements # {#acknowledgements}
 
   Much of the content here is inspired heavily by Gervase Markham's <a