RESOLVED DUPLICATE of bug 235837 181846
CSP: object-src is propagated to iframed HTML documents without CSP meta-refreshing to a PDF URI 
https://bugs.webkit.org/show_bug.cgi?id=181846
Summary CSP: object-src is propagated to iframed HTML documents without CSP meta-refr...
Michele Spagnuolo
Reported 2018-01-19 04:02:26 PST
The object-src directive of an embedding HTML document is propagated to iframed HTML documents without CSP meta-refreshing to a PDF URI. PoC: https://poc.miki.it/CSP/safari_object_src_iframe/ The third case should not be blocked according to the CSP specification (cross-test with Chromium), because the intermediate HTML page does not have a CSP.
Attachments
Web archive of poc.miki.it (4.79 MB, application/x-webarchive)
2018-09-18 11:14 PDT, Daniel Bates 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2018-01-19 11:32:03 PST
<rdar://problem/36665327>
Daniel Bates
Comment 2 2018-09-18 11:14:44 PDT
Created attachment 350033 [details] Web archive of poc.miki.it For historical preservation, attached a web archive of <https://poc.miki.it/CSP/safari_object_src_iframe/> as it appeared on 09/18/2018.
Brent Fulgham
Comment 3 2022-02-08 16:15:12 PST
Thank you for this great bug report. Years later, we have fixed the underlying issue in Bug 235837. When I use the stored webarchive, I can confirm the third case is not blocked.
Brent Fulgham
Comment 4 2022-02-08 16:15:40 PST
*** This bug has been marked as a duplicate of bug 235837 ***
Brent Fulgham
Comment 5 2022-02-08 16:16:10 PST
You should be able to confirm in STP 139, iOS 15.4 Beta, and macOS 12.3 Beta (or newer).
Note You need to log in before you can comment on or make changes to this bug.