Bug 153161 - CSP: Permit exempting schemes only for certain policy areas
Summary: CSP: Permit exempting schemes only for certain policy areas
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Local Build
Hardware: All All
: P2 Normal
Assignee: Daniel Bates
URL:
Keywords: BlinkMergeCandidate, InRadar
Depends on:
Blocks:
 
Reported: 2016-01-15 15:15 PST by Daniel Bates
Modified: 2016-03-21 16:29 PDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2016-01-15 15:15:20 PST 
We should consider merging <https://src.chromium.org/viewvc/blink?view=rev&revision=185554>.

CSP: Permit exempting schemes only for certain policy areas.

Only the image and style policy areas are included in this CL,
but the approach can be easily extended to other policy areas
if desired.
Comment 1 Radar WebKit Bug Importer 2016-01-27 20:51:24 PST 
<rdar://problem/24383303>
Comment 2 Daniel Bates 2016-03-21 16:29:28 PDT 
This issue is not applicable to WebKit as we do not have Blink-in-JS. In WebKit we make use of user agent shadow DOM and isolated worlds to implement browser features using markup and JavaScript, respectively. The Content Security Policy of a page applies to neither an isolated world nor to sub resource loads initiated from a user agent shadow DOM.