154520 – CSP: Enable form-action directive by default

RESOLVED FIXED 154520

CSP: Enable form-action directive by default

https://bugs.webkit.org/show_bug.cgi?id=154520

Summary CSP: Enable form-action directive by default

Daniel Bates

Reported 2016-02-21 15:32:16 PST

Currently the Content Security Policy form-action directive is guarded by ENABLE(CSP_NEXT) and a runtime flag, both are disabled by default. This directive has been part of the Content Security Policy spec. since version 1.1 and other browsers, Google Chrome, have enabled it by default for some time. We should enable it by default.

Attachments
Patch (5.28 KB, patch) 2016-02-21 15:35 PST, Daniel Bates	sam: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2016-02-21 15:33:00 PST

<rdar://problem/24762029>

Daniel Bates

Comment 2 2016-02-21 15:35:42 PST

Created attachment 271889 [details] Patch

Daniel Bates

Comment 3 2016-02-21 21:26:12 PST

Committed r196892: <http://trac.webkit.org/changeset/196892>

Daniel Bates

Comment 4 2016-11-17 11:48:58 PST

*** Bug 157355 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Daniel Bates

Reported

2016-02-21 15:32 PST

Modified

2016-11-17 11:48 PST History

CC List

6 users Show

URL

Keywords InRadar, WebExposed

Duplicates (1)

157355 View as bug list

Depends on

Blocks

154555 154563

Dependencies

tree graph