Bug 165804 - CSP: ws: and wss: blocked with connect-src *
Summary: CSP: ws: and wss: blocked with connect-src *
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Local Build
Hardware: All All
: P2 Normal
Assignee: Daniel Bates
URL:
Keywords: InRadar, WebExposed
Depends on:
Blocks:
 
Reported: 2016-12-13 09:58 PST by Daniel Bates
Modified: 2016-12-13 20:18 PST (History)
4 users (show)

See Also:


Attachments
Patch and layout tests (10.05 KB, patch)
2016-12-13 10:19 PST, Daniel Bates
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2016-12-13 09:58:49 PST
We should allow * to match ws: or wss: when used in a Content Security Policy directive. This will make our handling of * more closely conform to <https://w3c.github.io/webappsec-csp/#match-url-to-source-expression> (2 December 2016).
Comment 1 Daniel Bates 2016-12-13 09:59:47 PST
<rdar://problem/28563643>
Comment 2 Daniel Bates 2016-12-13 10:19:37 PST
Created attachment 297019 [details]
Patch and layout tests
Comment 3 David Kilzer (:ddkilzer) 2016-12-13 16:10:20 PST
Comment on attachment 297019 [details]
Patch and layout tests

r=me
Comment 4 Daniel Bates 2016-12-13 20:18:50 PST
Comment on attachment 297019 [details]
Patch and layout tests

Clearing flags on attachment: 297019

Committed r209789: <http://trac.webkit.org/changeset/209789>
Comment 5 Daniel Bates 2016-12-13 20:18:55 PST
All reviewed patches have been landed.  Closing bug.