173498 – Skip Content Security Policy check for media request for blob: and other custom schemes initiated from an element in user agent shadow tree

Bug 173498 - Skip Content Security Policy check for media request for blob: and other custom schemes initiated from an element in user agent shadow tree

Summary: Skip Content Security Policy check for media request for blob: and other cust...

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Local Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2017-06-16 15:51 PDT by Daniel Bates
Modified:	2017-06-16 16:02 PDT (History)
CC List:	1 user (show)

See Also:	155505

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Bates 2017-06-16 15:51:25 PDT

Splitting off from <https://bugs.webkit.org/show_bug.cgi?id=155505>, we should skip enforcing the Content Security Policy (CSP) of the page for media loads to blob URLs and other external schemes that are initiated by an element in a user-agent shadow tree because such elements are considered an implementation detail and should not be exposed to web developers.

Comment 1 Radar WebKit Bug Importer 2017-06-16 15:51:41 PDT

<rdar://problem/32825307>