Bug 167810 - [Mac][WK2] Add SPI to override the Content Security Policy of a page
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: WebKit Nightly Build
Hardware: Mac macOS 10.12
: P2 Normal
Assignee: Daniel Bates
Keywords: InRadar, PlatformOnly
Reported: 2017-02-03 12:16 PST by Daniel Bates
Modified: 2017-02-03 15:16 PST

Attachments
Patch and unit tests (29.55 KB, patch)
2017-02-03 12:22 PST, Daniel Bates
no flags
Patch and unit tests (35.47 KB, patch)
2017-02-03 15:01 PST, Daniel Bates
andersca: review+

Description Daniel Bates 2017-02-03 12:16:42 PST
An embedding client may want to impose content restrictions when loading third-party web pages to prevent content injections and ensure a consistent user experience regardless of how the third-party content was produced.

One way to do this is to make use of a Content Security Policy to impose content restrictions. An embedding client could use API/SPI to define a Content Security Policy to be applied to all subsequently loaded pages that takes precedence over the Content Security Policy delivered with a page.
Comment 1 Daniel Bates 2017-02-03 12:22:36 PST
Created attachment 300556
Patch and unit tests
Comment 2 WebKit Commit Bot 2017-02-03 12:25:34 PST
Attachment 300556 did not pass style-queue:


ERROR: Source/WebCore/page/csp/ContentSecurityPolicy.h:77:  enum members should use InterCaps with an initial capital letter or initial 'k' for C-style enums.  [readability/enum_casing] [4]
Total errors found: 1 in 21 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 3 Daniel Bates 2017-02-03 15:01:21 PST
Created attachment 300568
Patch and unit tests

Moved _setOverrideContentSecurityPolicy: SPI from WKWebViewPrivate to WKWebViewConfigurationPrivate based on a conversation with Anders Carlsson. In its preferred embodiment an embedding client will call _setOverrideContentSecurityPolicy: once so that the custom Content Security Policy applies to all page loads. That is, it is unlikely that an embedding client will want to change the custom Content Security Policy per load. So, it is more appropriate to add this SPI to WKWebViewConfigurationPrivate.
Comment 4 WebKit Commit Bot 2017-02-03 15:03:42 PST
Attachment 300568 did not pass style-queue:


ERROR: Source/WebCore/page/csp/ContentSecurityPolicy.h:77:  enum members should use InterCaps with an initial capital letter or initial 'k' for C-style enums.  [readability/enum_casing] [4]
Total errors found: 1 in 26 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 5 Daniel Bates 2017-02-03 15:06:07 PST
<rdar://problem/30102568>
Comment 6 Daniel Bates 2017-02-03 15:16:26 PST
Committed r211656: <http://trac.webkit.org/changeset/211656>