Bug 154520 - CSP: Enable form-action directive by default
Summary: CSP: Enable form-action directive by default
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Local Build
Hardware: All All
Importance: P2 Normal
Assignee: Daniel Bates
Keywords: InRadar, WebExposed
Duplicates: 157355
Depends on:
Blocks: 154555 154563
Reported: 2016-02-21 15:32 PST by Daniel Bates
Modified: 2016-11-17 11:48 PST

Patch (5.28 KB, patch)
2016-02-21 15:35 PST, Daniel Bates
sam: review+

Description Daniel Bates 2016-02-21 15:32:16 PST
Currently the Content Security Policy form-action directive is guarded by ENABLE(CSP_NEXT) and a runtime flag, both of which are disabled by default. This directive has been part of the Content Security Policy spec. since version 1.1 and other browsers, Google Chrome, have enabled it by default for some time. We should enable it by default.
Comment 1 Radar WebKit Bug Importer 2016-02-21 15:33:00 PST
Comment 2 Daniel Bates 2016-02-21 15:35:42 PST
Created attachment 271889
Comment 3 Daniel Bates 2016-02-21 21:26:12 PST
Committed r196892: <http://trac.webkit.org/changeset/196892>
Comment 4 Daniel Bates 2016-11-17 11:48:58 PST
*** Bug 157355 has been marked as a duplicate of this bug. ***