We should merge <https://src.chromium.org/viewvc/blink?view=rev&revision=165322>. CSP: 'sandbox' should be ignored in report-only mode. This is the behavior Firefox is running with[1], and has recently been explicitly clarified in the spec[2]. [1]: https://bugzilla.mozilla.org/show_bug.cgi?id=671389 [2]: https://github.com/w3c/webappsec/commit/2cc237a696e982be59886c8f2ba0ed2d84f22c81
<rdar://problem/24383344>
Disregard comment #1. We have an existing radar...
<rdar://problem/22708669>
Created attachment 271250 [details] Patch
Comment on attachment 271250 [details] Patch r=me
Comment on attachment 271250 [details] Patch Clearing flags on attachment: 271250 Committed r196582: <http://trac.webkit.org/changeset/196582>
All reviewed patches have been landed. Closing bug.