Bug 134926

Summary: CSP: Drop 'script-nonce' directive.
Product: WebKit Reporter: Mike West <mkwst>
Component: WebCore Misc.Assignee: Mike West <mkwst>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, commit-queue, esprehn+autocc, kangil.han, rniwa
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 116508    
Attachments:
Description Flags
Patch none

Mike West
Reported 2014-07-15 10:03:23 PDT
This directive was dropped from the CSP2 draft, and replaced with different syntax as part of the 'script-src' directive[1]. I'd recommend removing the implementation to ensure no one ends up relying on it. [1]: https://w3c.github.io/webappsec/specs/content-security-policy/#directive-script-src
Attachments
Patch (30.25 KB, patch)
2014-07-15 10:11 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Mike West
Comment 1 2014-07-15 10:11:07 PDT
Created attachment 234933 [details] Patch
Mike West
Comment 2 2014-07-15 21:08:45 PDT
Alexey, would you mind taking a look at this patch? I'd like to start getting rid of some of the old, old CSP 1.1 implementation in WebKit now that CSP2 has hit Last Call[1]. I'm not sure I'll have time to implement the new bits, but I certainly want to make sure the old bits don't get in the way. CCing Ryosuke as well, as he filed the bug this blocks. [1]: http://www.w3.org/TR/CSP2/
Mike West
Comment 3 2014-07-16 12:59:40 PDT
Comment on attachment 234933 [details] Patch Thanks, Darin.
WebKit Commit Bot
Comment 4 2014-07-16 13:31:33 PDT
Comment on attachment 234933 [details] Patch Clearing flags on attachment: 234933 Committed r171150: <http://trac.webkit.org/changeset/171150>
WebKit Commit Bot
Comment 5 2014-07-16 13:31:37 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.