Bug 185070

Summary: CSP: Implement `prefetch-src` directive
Product: WebKit Reporter: Yoav Weiss <yoav>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: bfulgham, dbates, m.kurz+webkitbugs, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Yoav Weiss 2018-04-27 01:21:02 PDT
In order to block potential data leaks through prefetch requests, it was decided [1] that a `prefetch-src`CSP directive would be added and control such requests, and that prefetch requests would have their own `Request.initiator` and an empty string destination[2].

[1] https://github.com/w3c/webappsec-csp/issues/107
[2] https://github.com/whatwg/fetch/pull/659


Tests: http://w3c-test.org/content-security-policy/prefetch-src/
Comment 1 Radar WebKit Bug Importer 2018-04-28 19:13:00 PDT
<rdar://problem/39821187>