Bug 207039
| Summary: | Content blocker: add a new action that adds custom CSP | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Andrey Meshkov <am> |
| Component: | WebKit Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | achristensen, krzysztof.modras, mcatanzaro, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Andrey Meshkov
AdGuard, uBlock Origin, and Adblock Plus provide this option and it is quite popular among filter lists maintainers.
The idea is that content blockers should be able to add custom Content Security policies to pages matching the "url-filter".
Please note, that this can only make CSP stricter because existing CSP must stay untouched.
Here's how it could look like:
"action": {
"type": "add-csp",
"csp": "script-src 'self' 'unsafe-eval'"
}
Example:
One of the most popular use cases for this type of rules is disabling inline scripts.
If this feature request is implemented, it could be done with a rule like this:
"action": {
"type": "add-csp",
"csp": "script-src 'self' 'unsafe-eval' http: https:"
}
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/59084750>