156565 – CSP: Ignore report-only policy delivered via meta element

RESOLVED FIXED 156565

CSP: Ignore report-only policy delivered via meta element

https://bugs.webkit.org/show_bug.cgi?id=156565

Summary CSP: Ignore report-only policy delivered via meta element

Daniel Bates

Reported 2016-04-13 18:46:07 PDT

As per section Content-Security-Policy-Report-Only Header Field of the Content Security Policy Level 2 spec., <https://w3c.github.io/webappsec-csp/2/> (Editor's Draft, 29 August 2015), "The Content-Security-Policy-Report-Only header is not supported inside a meta element." Currently we support a report-only policy delivered via a meta element.

Attachments
Patch and Layout Tests (22.15 KB, patch) 2016-04-13 18:50 PDT, Daniel Bates	bfulgham: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2016-04-13 18:46:45 PDT

<rdar://problem/25718167>

Daniel Bates

Comment 2 2016-04-13 18:50:22 PDT

Created attachment 276369 [details] Patch and Layout Tests

Brent Fulgham

Comment 3 2016-04-13 22:07:13 PDT

Comment on attachment 276369 [details] Patch and Layout Tests Looks great! r=me.

Daniel Bates

Comment 4 2016-04-14 09:47:58 PDT

Committed r199538: <http://trac.webkit.org/changeset/199538>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Daniel Bates

Reported

2016-04-13 18:46 PDT

Modified

2016-04-14 09:47 PDT History

CC List

9 users Show

URL

Keywords InRadar, WebExposed

Depends on

Blocks