RESOLVED FIXED Bug 154521
CSP: Enable base-uri directive by default 
https://bugs.webkit.org/show_bug.cgi?id=154521
Summary CSP: Enable base-uri directive by default
Daniel Bates
Reported 2016-02-21 15:34:02 PST
Currently the Content Security Policy base-uri directive is guarded by ENABLE(CSP_NEXT) and a runtime flag, both are disabled by default. This directive has been part of the Content Security Policy spec. since version 1.1 and other browsers, Google Chrome, have enabled it by default for some time. We should enable it by default.
Attachments
Patch and Layout Tests (16.34 KB, patch)
2016-02-21 16:38 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Patch and Layout Tests (19.47 KB, patch)
2016-02-23 13:26 PST, Daniel Bates 		bfulgham: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2016-02-21 15:34:14 PST
<rdar://problem/24762032>
Daniel Bates
Comment 2 2016-02-21 16:38:24 PST
Created attachment 271893 [details] Patch and Layout Tests
Daniel Bates
Comment 3 2016-02-23 13:26:17 PST
Created attachment 272046 [details] Patch and Layout Tests Added base-uri to the list of standard CSP directives and modified LayoutTests/http/tests/security/contentSecurityPolicy/source-list-parsing-no-semicolon.html to ensure that we emit a warning message when base-uri is used as a source expression.
Brent Fulgham
Comment 4 2016-02-23 14:39:26 PST
Comment on attachment 272046 [details] Patch and Layout Tests r=me.
Daniel Bates
Comment 5 2016-02-23 16:53:32 PST
Committed r197007: <http://trac.webkit.org/changeset/197007>
Note You need to log in before you can comment on or make changes to this bug.