This directive was dropped from the CSP2 draft, and replaced with different syntax as part of the 'script-src' directive[1]. I'd recommend removing the implementation to ensure no one ends up relying on it. [1]: https://w3c.github.io/webappsec/specs/content-security-policy/#directive-script-src
Created attachment 234933 [details] Patch
Alexey, would you mind taking a look at this patch? I'd like to start getting rid of some of the old, old CSP 1.1 implementation in WebKit now that CSP2 has hit Last Call[1]. I'm not sure I'll have time to implement the new bits, but I certainly want to make sure the old bits don't get in the way. CCing Ryosuke as well, as he filed the bug this blocks. [1]: http://www.w3.org/TR/CSP2/
Comment on attachment 234933 [details] Patch Thanks, Darin.
Comment on attachment 234933 [details] Patch Clearing flags on attachment: 234933 Committed r171150: <http://trac.webkit.org/changeset/171150>
All reviewed patches have been landed. Closing bug.