153161 – CSP: Permit exempting schemes only for certain policy areas

RESOLVED INVALID153161

CSP: Permit exempting schemes only for certain policy areas

https://bugs.webkit.org/show_bug.cgi?id=153161

Summary CSP: Permit exempting schemes only for certain policy areas

Daniel Bates

Reported 2016-01-15 15:15:20 PST

We should consider merging <https://src.chromium.org/viewvc/blink?view=rev&revision=185554>. CSP: Permit exempting schemes only for certain policy areas. Only the image and style policy areas are included in this CL, but the approach can be easily extended to other policy areas if desired.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2016-01-27 20:51:24 PST

<rdar://problem/24383303>

Daniel Bates

Comment 2 2016-03-21 16:29:28 PDT

This issue is not applicable to WebKit as we do not have Blink-in-JS. In WebKit we make use of user agent shadow DOM and isolated worlds to implement browser features using markup and JavaScript, respectively. The Content Security Policy of a page applies to neither an isolated world nor to sub resource loads initiated from a user agent shadow DOM.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution INVALID

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Daniel Bates

Reported

2016-01-15 15:15 PST

Modified

2016-03-21 16:29 PDT History

CC List

2 users Show

URL

Keywords BlinkMergeCandidate, InRadar

Depends on

Blocks