An embedding client may want to impose content restrictions when loading third-party web pages to prevent content injections and ensure a consistent user experience regardless of how the third party content was produced. One way to do this is to make use of a Content Security Policy to impose content restrictions. An embedding client could use API/SPI to define a Content Security Policy to be applied to all subsequently loaded pages that takes precedence over the Content Security Policy delivered with a page.
Created attachment 300556 [details] Patch and unit tests
Attachment 300556 [details] did not pass style-queue: ERROR: Source/WebCore/page/csp/ContentSecurityPolicy.h:77: enum members should use InterCaps with an initial capital letter or initial 'k' for C-style enums. [readability/enum_casing] [4] Total errors found: 1 in 21 files If any of these errors are false positives, please file a bug against check-webkit-style.
Created attachment 300568 [details] Patch and unit tests Moved _setOverrideContentSecurityPolicy: SPI from WKWebViewPrivate to WKWebViewConfigurationPrivate based on a conversation with Anders Carlsson. In its preferred embodiment an embedding client will call _setOverrideContentSecurityPolicy: once so that the custom Content Security Policy applies to all page loads. That is, it is unlikely that an embedding client will want to change the custom Content Security Policy per load. So, it more appropriate to add this SPI to WKWebViewConfigurationPrivate.
Attachment 300568 [details] did not pass style-queue: ERROR: Source/WebCore/page/csp/ContentSecurityPolicy.h:77: enum members should use InterCaps with an initial capital letter or initial 'k' for C-style enums. [readability/enum_casing] [4] Total errors found: 1 in 26 files If any of these errors are false positives, please file a bug against check-webkit-style.
<rdar://problem/30102568>
Committed r211656: <http://trac.webkit.org/changeset/211656>