Bug 185070

Summary: CSP: Implement `prefetch-src` directive
Product: WebKit Reporter: Yoav Weiss <yoav>
Component: WebCore Misc.Assignee: Ryan Reno <rreno>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, bugmail, dbates, m.kurz+webkitbugs, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Yoav Weiss
Reported 2018-04-27 01:21:02 PDT
In order to block potential data leaks through prefetch requests, it was decided [1] that a `prefetch-src`CSP directive would be added and control such requests, and that prefetch requests would have their own `Request.initiator` and an empty string destination[2]. [1] https://github.com/w3c/webappsec-csp/issues/107 [2] https://github.com/whatwg/fetch/pull/659 Tests: http://w3c-test.org/content-security-policy/prefetch-src/
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-04-28 19:13:00 PDT
<rdar://problem/39821187>
Ryan Reno
Comment 2 2022-10-13 18:56:30 PDT
Pull request: https://github.com/WebKit/WebKit/pull/5360
EWS
Comment 3 2022-10-17 14:37:03 PDT
Committed 255653@main (b632f9d274f3): <https://commits.webkit.org/255653@main> Reviewed commits have been landed. Closing PR #5360 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.