Bug 231642

Summary: imported/w3c/web-platform-tests/content-security-policy/unsafe-hashes/javascript_src_allowed-href_blank.html timing out
Product: WebKit Reporter: Kate Cheney <katherine_cheney>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: justas543, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Kate Cheney 2021-10-12 16:02:38 PDT 
Timing out with the error: null is not an object (evaluating 'opener.t1')
Comment 1 Radar WebKit Bug Importer 2021-10-19 16:03:32 PDT 
<rdar://problem/84437936>
Comment 2 justas543 2022-05-15 10:41:23 PDT 
Without unsafe-hashes CSP option, loading fonts in non blocking way while keeping up with CSP is not possible.

https://css-tricks.com/how-to-load-fonts-in-a-way-that-fights-fout-and-makes-lighthouse-happy/#aa-the-optimal-way-to-load-fonts

<!-- We use the full link to the CSS file in the rest of the tags -->
<link rel="preload"
      as="style"
      href="https://fonts.googleapis.com/css2?family=Merriweather&display=swap" />

<link rel="stylesheet"
      href="https://fonts.googleapis.com/css2?family=Merriweather&display=swap"
      media="print" onload="this.media='all'" />
Comment 3 Kate Cheney 2022-05-16 08:50:33 PDT 
(In reply to justas543 from comment #2)
> Without unsafe-hashes CSP option, loading fonts in non blocking way while
> keeping up with CSP is not possible.
> 
> https://css-tricks.com/how-to-load-fonts-in-a-way-that-fights-fout-and-makes-
> lighthouse-happy/#aa-the-optimal-way-to-load-fonts
> 
> <!-- We use the full link to the CSS file in the rest of the tags -->
> <link rel="preload"
>       as="style"
>      
> href="https://fonts.googleapis.com/css2?family=Merriweather&display=swap" />
> 
> <link rel="stylesheet"
>      
> href="https://fonts.googleapis.com/css2?family=Merriweather&display=swap"
>       media="print" onload="this.media='all'" />

Hi! We added support for unsafe-hashes in Safari 15.4 (https://developer.apple.com/documentation/safari-release-notes/safari-15_4-release-notes). If you're experiencing unexpected behavior, could you file a separate bug on bugs.webkit.org about it? This particular bug tracks a failing test and is not the best place to handle a different issue.

Thanks!