Bug 53572

Summary: [meta] Implement Content-Security-Policy 1.0
Product: WebKit Reporter: Adam Barth <abarth@webkit.org>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned@lists.webkit.org>
Status: NEW    
Severity: Normal CC: aestes@apple.com, ap@webkit.org, bugmail@eligrey.com, dbates@webkit.org, donggwan.kim@samsung.com, dveditz@mozilla.com, erlend@oftedal.no, felipe@zimmerle.org, jwalden+bwo@mit.edu, kozmic@gmail.com, laszlo.gombos@webkit.org, memorius@gmail.com, mike@w3.org, mjs@apple.com, mkwst@chromium.org, ojan@chromium.org, peter@chromium.org, pkasting@google.com, rafael.lobo@webkit.org, sam@webkit.org, syoichi@outlook.com, tsepez@chromium.org, vitaly.osipov@gmail.com, vprajan@gmail.com, webkit.arunp@gmail.com, webkit@firehacks.org
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on: 53573, 53685, 53867, 54379, 54381, 54551, 54787, 54799, 56582, 57196, 57212, 57278, 57283, 57287, 58012, 58014, 58018, 58604, 58610, 58639, 58640, 58641, 58642, 58643, 58644, 58645, 58646, 59291, 59292, 59293, 59850, 59899, 60240, 60384, 60402, 60800, 60874, 61360, 61576, 63636, 63637, 69433, 69728, 70011, 70463, 73240, 85233, 85553, 85561, 85662, 85682, 85778, 96765, 106314    
Bug Blocks: 103582    

Description From 2011-02-01 21:44:48 PST
We're coordinating with Mozilla in the W3C's public-web-security.  This is a meta-bug for implementing the feature.
------- Comment #1 From 2011-04-15 00:30:02 PST -------
The list of blockers for this bug should now be complete.  We might not implement all of the directives (e.g., frame-ancestors), but they're all listed as blocking this bug now so we can see the big picture.
------- Comment #2 From 2011-05-11 01:41:01 PST -------
WebKit's implementation is now (roughly) feature-complete.  I'm going to leave this bug open to continue to serve as a meta bug for tracking any changes to the spec.
------- Comment #3 From 2011-10-04 17:50:46 PST -------
*** Bug 30081 has been marked as a duplicate of this bug. ***
------- Comment #4 From 2012-05-03 17:30:19 PST -------
CSP 1.0 is very close to WGLC.  Let's use this bug as a meta bug for driving the last spec compliance issues to zero.
------- Comment #5 From 2012-05-03 17:33:23 PST -------
Note: I'll be punting some bugs to https://bugs.webkit.org/show_bug.cgi?id=85558, which is the meta bug for implementing CSP 1.1.