Bug 153167

Summary: CSP: 'sandbox' should be ignored in report-only mode
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, mkwst, webkit-bug-importer
Priority: P2 Keywords: BlinkMergeCandidate, InRadar
Version: WebKit Local Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch none

Daniel Bates
Reported 2016-01-15 18:08:44 PST
We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=165322>. CSP: 'sandbox' should be ignored in report-only mode. This is the behavior Firefox is running with[1], and has recently been explicitly clarified in the spec[2]. [1]: https://bugzilla.mozilla.org/show_bug.cgi?id=671389 [2]: https://github.com/w3c/webappsec/commit/2cc237a696e982be59886c8f2ba0ed2d84f22c81
Attachments
Patch (6.50 KB, patch)
2016-02-12 17:09 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2016-01-27 20:57:08 PST
<rdar://problem/24383344>
Daniel Bates
Comment 2 2016-02-12 12:25:16 PST
Disregard comment #1. We have an existing radar...
Daniel Bates
Comment 3 2016-02-12 12:25:26 PST
<rdar://problem/22708669>
Daniel Bates
Comment 4 2016-02-12 17:09:38 PST
Created attachment 271250 [details] Patch
Brent Fulgham
Comment 5 2016-02-15 09:48:46 PST
Comment on attachment 271250 [details] Patch r=me
Daniel Bates
Comment 6 2016-02-15 10:54:28 PST
Comment on attachment 271250 [details] Patch Clearing flags on attachment: 271250 Committed r196582: <http://trac.webkit.org/changeset/196582>
Daniel Bates
Comment 7 2016-02-15 10:54:30 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.