Bug 153161
| Summary: | CSP: Permit exempting schemes only for certain policy areas | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Daniel Bates <dbates> |
| Component: | WebCore Misc. | Assignee: | Daniel Bates <dbates> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | bfulgham, webkit-bug-importer |
| Priority: | P2 | Keywords: | BlinkMergeCandidate, InRadar |
| Version: | WebKit Local Build | ||
| Hardware: | All | ||
| OS: | All | ||
Daniel Bates
We should consider merging <https://src.chromium.org/viewvc/blink?view=rev&revision=185554>.
CSP: Permit exempting schemes only for certain policy areas.
Only the image and style policy areas are included in this CL,
but the approach can be easily extended to other policy areas
if desired.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/24383303>
Daniel Bates
This issue is not applicable to WebKit as we do not have Blink-in-JS. In WebKit we make use of user agent shadow DOM and isolated worlds to implement browser features using markup and JavaScript, respectively. The Content Security Policy of a page applies to neither an isolated world nor to sub resource loads initiated from a user agent shadow DOM.