RESOLVED FIXED167810
[Mac][WK2] Add SPI to override the Content Security Policy of a page 
https://bugs.webkit.org/show_bug.cgi?id=167810
Summary [Mac][WK2] Add SPI to override the Content Security Policy of a page
Daniel Bates
Reported 2017-02-03 12:16:42 PST
An embedding client may want to impose content restrictions when loading third-party web pages to prevent content injections and ensure a consistent user experience regardless of how the third party content was produced. One way to do this is to make use of a Content Security Policy to impose content restrictions. An embedding client could use API/SPI to define a Content Security Policy to be applied to all subsequently loaded pages that takes precedence over the Content Security Policy delivered with a page.
Attachments
Patch and unit tests (29.55 KB, patch)
2017-02-03 12:22 PST, Daniel Bates 		no flags
DetailsFormatted DiffDiff
Patch and unit tests (35.47 KB, patch)
2017-02-03 15:01 PST, Daniel Bates 		andersca: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2017-02-03 12:22:36 PST
Created attachment 300556 [details] Patch and unit tests
WebKit Commit Bot
Comment 2 2017-02-03 12:25:34 PST
Attachment 300556 [details] did not pass style-queue: ERROR: Source/WebCore/page/csp/ContentSecurityPolicy.h:77: enum members should use InterCaps with an initial capital letter or initial 'k' for C-style enums. [readability/enum_casing] [4] Total errors found: 1 in 21 files If any of these errors are false positives, please file a bug against check-webkit-style.
Daniel Bates
Comment 3 2017-02-03 15:01:21 PST
Created attachment 300568 [details] Patch and unit tests Moved _setOverrideContentSecurityPolicy: SPI from WKWebViewPrivate to WKWebViewConfigurationPrivate based on a conversation with Anders Carlsson. In its preferred embodiment an embedding client will call _setOverrideContentSecurityPolicy: once so that the custom Content Security Policy applies to all page loads. That is, it is unlikely that an embedding client will want to change the custom Content Security Policy per load. So, it more appropriate to add this SPI to WKWebViewConfigurationPrivate.
WebKit Commit Bot
Comment 4 2017-02-03 15:03:42 PST
Attachment 300568 [details] did not pass style-queue: ERROR: Source/WebCore/page/csp/ContentSecurityPolicy.h:77: enum members should use InterCaps with an initial capital letter or initial 'k' for C-style enums. [readability/enum_casing] [4] Total errors found: 1 in 26 files If any of these errors are false positives, please file a bug against check-webkit-style.
Daniel Bates
Comment 5 2017-02-03 15:06:07 PST
<rdar://problem/30102568>
Daniel Bates
Comment 6 2017-02-03 15:16:26 PST
Committed r211656: <http://trac.webkit.org/changeset/211656>
Note You need to log in before you can comment on or make changes to this bug.