Bug 154520

Summary: CSP: Enable form-action directive by default
Product: WebKit
Reporter: Daniel Bates <dbates>
Component: WebCore Misc.
Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED
Severity: Normal
CC: aestes, bfulgham, commit-queue, mkwst, webkit-bug-importer, webkit.bugzilla
Priority: P2
Keywords: InRadar, WebExposed
Version: WebKit Local Build
Hardware: All
OS: All
Bug Depends on:
Bug Blocks: 154555, 154563
Attachments:
Description: Patch
Flags: sam: review+

Description Daniel Bates 2016-02-21 15:32:16 PST
Currently the Content Security Policy form-action directive is guarded by ENABLE(CSP_NEXT) and a runtime flag, both of which are disabled by default. This directive has been part of the Content Security Policy spec. since version 1.1 and other browsers, Google Chrome, have enabled it by default for some time. We should enable it by default.
Comment 1 Radar WebKit Bug Importer 2016-02-21 15:33:00 PST
<rdar://problem/24762029>
Comment 2 Daniel Bates 2016-02-21 15:35:42 PST
Created attachment 271889
Patch
Comment 3 Daniel Bates 2016-02-21 21:26:12 PST
Committed r196892: <http://trac.webkit.org/changeset/196892>
Comment 4 Daniel Bates 2016-11-17 11:48:58 PST
*** Bug 157355 has been marked as a duplicate of this bug. ***