RESOLVED FIXED 155505
Skip Content Security Policy check for a media request using standard schemes initiated from an element in user agent shadow tree 
https://bugs.webkit.org/show_bug.cgi?id=155505
Summary Skip Content Security Policy check for a media request using standard schemes...
Daniel Bates
Reported 2016-03-15 12:34:06 PDT
We should explicitly skip enforcing the Content Security Policy (CSP) of the page for media loads that are initiated by an element in a user-agent shadow tree because such elements are considered an implementation detail and should not be exposed to web developers. Currently we implicitly skip enforcement of CSP because media resources are treated as raw resources and we do not apply CSP to raw resources.
Attachments
Patch (4.37 KB, patch)
2017-06-16 16:02 PDT, Daniel Bates 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2016-03-15 12:34:34 PDT
<rdar://problem/25169452>
Alex Christensen
Comment 2 2016-03-15 23:26:06 PDT
See https://bugs.webkit.org/show_bug.cgi?id=155509
Daniel Bates
Comment 3 2017-06-16 15:53:43 PDT
Split off skip enforcing the Content Security Policy (CSP) for media requests to blob: and other external schemes to bug #173498.
Daniel Bates
Comment 4 2017-06-16 16:02:18 PDT
Created attachment 313151 [details] Patch
Brent Fulgham
Comment 5 2017-06-20 14:53:02 PDT
Comment on attachment 313151 [details] Patch r=me
Daniel Bates
Comment 6 2017-06-20 15:04:36 PDT
Comment on attachment 313151 [details] Patch Clearing flags on attachment: 313151 Committed r218609: <http://trac.webkit.org/changeset/218609>
Daniel Bates
Comment 7 2017-06-20 15:04:37 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.