165804 – CSP: ws: and wss: blocked with connect-src *

RESOLVED FIXED 165804

CSP: ws: and wss: blocked with connect-src *

https://bugs.webkit.org/show_bug.cgi?id=165804

Summary CSP: ws: and wss: blocked with connect-src *

Daniel Bates

Reported 2016-12-13 09:58:49 PST

We should allow * to match ws: or wss: when used in a Content Security Policy directive. This will make our handling of * more closely conform to <https://w3c.github.io/webappsec-csp/#match-url-to-source-expression> (2 December 2016).

Attachments
Patch and layout tests (10.05 KB, patch) 2016-12-13 10:19 PST, Daniel Bates	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Daniel Bates

Comment 1 2016-12-13 09:59:47 PST

Daniel Bates

Comment 2 2016-12-13 10:19:37 PST

Created attachment 297019 [details] Patch and layout tests

David Kilzer (:ddkilzer)

Comment 3 2016-12-13 16:10:20 PST

Comment on attachment 297019 [details] Patch and layout tests r=me

Daniel Bates

Comment 4 2016-12-13 20:18:50 PST

Comment on attachment 297019 [details] Patch and layout tests Clearing flags on attachment: 297019 Committed r209789: <http://trac.webkit.org/changeset/209789>

Daniel Bates

Comment 5 2016-12-13 20:18:55 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Daniel Bates

Reported

2016-12-13 09:58 PST

Modified

2016-12-13 20:18 PST History

CC List

4 users Show

URL

Keywords InRadar, WebExposed

Depends on

Blocks