Bug 153161

Summary: CSP: Permit exempting schemes only for certain policy areas
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: RESOLVED INVALID    
Severity: Normal CC: bfulgham, webkit-bug-importer
Priority: P2 Keywords: BlinkMergeCandidate, InRadar
Version: WebKit Local Build   
Hardware: All   
OS: All   

Description Daniel Bates 2016-01-15 15:15:20 PST 
We should consider merging <https://src.chromium.org/viewvc/blink?view=rev&revision=185554>.

CSP: Permit exempting schemes only for certain policy areas.

Only the image and style policy areas are included in this CL,
but the approach can be easily extended to other policy areas
if desired.
Comment 1 Radar WebKit Bug Importer 2016-01-27 20:51:24 PST 
<rdar://problem/24383303>
Comment 2 Daniel Bates 2016-03-21 16:29:28 PDT 
This issue is not applicable to WebKit as we do not have Blink-in-JS. In WebKit we make use of user agent shadow DOM and isolated worlds to implement browser features using markup and JavaScript, respectively. The Content Security Policy of a page applies to neither an isolated world nor to sub resource loads initiated from a user agent shadow DOM.