Bug 156565

Summary: CSP: Ignore report-only policy delivered via meta element
Product: WebKit Reporter: Daniel Bates <dbates>
Component: WebCore Misc.Assignee: Daniel Bates <dbates>
Status: RESOLVED FIXED    
Severity: Normal CC: aestes, bfulgham, cdumez, commit-queue, esprehn+autocc, kangil.han, mkwst, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar, WebExposed
Version: WebKit Nightly Build   
Hardware: All   
OS: All   
Attachments:
Description Flags
Patch and Layout Tests bfulgham: review+

Daniel Bates
Reported 2016-04-13 18:46:07 PDT
As per section Content-Security-Policy-Report-Only Header Field of the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015), "The Content-Security-Policy-Report-Only header is not supported inside a meta element." Currently we support a report-only policy delivered via a meta element.
Attachments
Patch and Layout Tests (22.15 KB, patch)
2016-04-13 18:50 PDT, Daniel Bates 		bfulgham: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2016-04-13 18:46:45 PDT
<rdar://problem/25718167>
Daniel Bates
Comment 2 2016-04-13 18:50:22 PDT
Created attachment 276369 [details] Patch and Layout Tests
Brent Fulgham
Comment 3 2016-04-13 22:07:13 PDT
Comment on attachment 276369 [details] Patch and Layout Tests Looks great! r=me.
Daniel Bates
Comment 4 2016-04-14 09:47:58 PDT
Committed r199538: <http://trac.webkit.org/changeset/199538>
Note You need to log in before you can comment on or make changes to this bug.