Bug 167810

Summary:

[Mac][WK2] Add SPI to override the Content Security Policy of a page

Product:

WebKit

Reporter:

Daniel Bates <dbates>

Component:

WebKit2

Assignee:

Daniel Bates <dbates>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

andersca, cdumez, commit-queue, esprehn+autocc, japhet, jer.noble, kangil.han, mkwst, sam

Priority:

Keywords:

InRadar, PlatformOnly

Version:

WebKit Nightly Build

Hardware:

Mac

OS:

macOS 10.12

Attachments:

Description	Flags
Patch and unit tests	none
Patch and unit tests	andersca: review+

Daniel Bates

Reported 2017-02-03 12:16:42 PST

An embedding client may want to impose content restrictions when loading third-party web pages to prevent content injections and ensure a consistent user experience regardless of how the third party content was produced. One way to do this is to make use of a Content Security Policy to impose content restrictions. An embedding client could use API/SPI to define a Content Security Policy to be applied to all subsequently loaded pages that takes precedence over the Content Security Policy delivered with a page.

Attachments
Patch and unit tests (29.55 KB, patch) 2017-02-03 12:22 PST, Daniel Bates	no flags	Details Formatted Diff Diff
Patch and unit tests (35.47 KB, patch) 2017-02-03 15:01 PST, Daniel Bates	andersca: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Daniel Bates

Comment 1 2017-02-03 12:22:36 PST

Created attachment 300556 [details] Patch and unit tests

WebKit Commit Bot

Comment 2 2017-02-03 12:25:34 PST

Attachment 300556 [details] did not pass style-queue: ERROR: Source/WebCore/page/csp/ContentSecurityPolicy.h:77: enum members should use InterCaps with an initial capital letter or initial 'k' for C-style enums. [readability/enum_casing] [4] Total errors found: 1 in 21 files If any of these errors are false positives, please file a bug against check-webkit-style.

Daniel Bates

Comment 3 2017-02-03 15:01:21 PST

Created attachment 300568 [details] Patch and unit tests Moved _setOverrideContentSecurityPolicy: SPI from WKWebViewPrivate to WKWebViewConfigurationPrivate based on a conversation with Anders Carlsson. In its preferred embodiment an embedding client will call _setOverrideContentSecurityPolicy: once so that the custom Content Security Policy applies to all page loads. That is, it is unlikely that an embedding client will want to change the custom Content Security Policy per load. So, it more appropriate to add this SPI to WKWebViewConfigurationPrivate.

WebKit Commit Bot

Comment 4 2017-02-03 15:03:42 PST

Attachment 300568 [details] did not pass style-queue: ERROR: Source/WebCore/page/csp/ContentSecurityPolicy.h:77: enum members should use InterCaps with an initial capital letter or initial 'k' for C-style enums. [readability/enum_casing] [4] Total errors found: 1 in 26 files If any of these errors are false positives, please file a bug against check-webkit-style.

Daniel Bates

Comment 5 2017-02-03 15:06:07 PST

<rdar://problem/30102568>

Daniel Bates

Comment 6 2017-02-03 15:16:26 PST

Committed r211656: <http://trac.webkit.org/changeset/211656>

Note You need to log in before you can comment on or make changes to this bug.