WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
155505
Skip Content Security Policy check for a media request using standard schemes initiated from an element in user agent shadow tree
https://bugs.webkit.org/show_bug.cgi?id=155505
Summary
Skip Content Security Policy check for a media request using standard schemes...
Daniel Bates
Reported
2016-03-15 12:34:06 PDT
We should explicitly skip enforcing the Content Security Policy (CSP) of the page for media loads that are initiated by an element in a user-agent shadow tree because such elements are considered an implementation detail and should not be exposed to web developers. Currently we implicitly skip enforcement of CSP because media resources are treated as raw resources and we do not apply CSP to raw resources.
Attachments
Patch
(4.37 KB, patch)
2017-06-16 16:02 PDT
,
Daniel Bates
no flags
Details
Formatted Diff
Diff
View All
Add attachment
proposed patch, testcase, etc.
Daniel Bates
Comment 1
2016-03-15 12:34:34 PDT
<
rdar://problem/25169452
>
Alex Christensen
Comment 2
2016-03-15 23:26:06 PDT
See
https://bugs.webkit.org/show_bug.cgi?id=155509
Daniel Bates
Comment 3
2017-06-16 15:53:43 PDT
Split off skip enforcing the Content Security Policy (CSP) for media requests to blob: and other external schemes to
bug #173498
.
Daniel Bates
Comment 4
2017-06-16 16:02:18 PDT
Created
attachment 313151
[details]
Patch
Brent Fulgham
Comment 5
2017-06-20 14:53:02 PDT
Comment on
attachment 313151
[details]
Patch r=me
Daniel Bates
Comment 6
2017-06-20 15:04:36 PDT
Comment on
attachment 313151
[details]
Patch Clearing flags on attachment: 313151 Committed
r218609
: <
http://trac.webkit.org/changeset/218609
>
Daniel Bates
Comment 7
2017-06-20 15:04:37 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug