Bug 155773 - CSP: Log deprecation warning for frame-src directive
Summary: CSP: Log deprecation warning for frame-src directive
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Local Build
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-22 15:51 PDT by Daniel Bates
Modified: 2022-03-25 12:50 PDT (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2016-03-22 15:51:45 PDT
The frame-src directive has been deprecated since CSP 2.0, <https://www.w3.org/TR/2015/CR-CSP2-20150721/#directive-frame-src>. Its replacement is the child-src directive. We should consider showing a console warning message when a Content Security Policy has a frame-src directive.
Comment 1 Daniel Bates 2016-03-22 15:52:45 PDT
Maybe we should log a message of the form:

The frame-src directive is deprecated. Use the child-src directive instead.
Comment 2 Brent Fulgham 2022-03-25 12:50:25 PDT
Ironically, the frame-src directive is no longer deprecated, and child-src is!