Bug 185070 - CSP: Implement `prefetch-src` directive
Summary: CSP: Implement `prefetch-src` directive
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Ryan Reno
Keywords: InRadar
Depends on:
Reported: 2018-04-27 01:21 PDT by Yoav Weiss
Modified: 2022-10-17 14:37 PDT (History)
5 users (show)

See Also:


Note You need to log in before you can comment on or make changes to this bug.
Description Yoav Weiss 2018-04-27 01:21:02 PDT
In order to block potential data leaks through prefetch requests, it was decided [1] that a `prefetch-src`CSP directive would be added and control such requests, and that prefetch requests would have their own `Request.initiator` and an empty string destination[2].

[1] https://github.com/w3c/webappsec-csp/issues/107
[2] https://github.com/whatwg/fetch/pull/659

Tests: http://w3c-test.org/content-security-policy/prefetch-src/
Comment 1 Radar WebKit Bug Importer 2018-04-28 19:13:00 PDT
Comment 2 Ryan Reno 2022-10-13 18:56:30 PDT
Pull request: https://github.com/WebKit/WebKit/pull/5360
Comment 3 EWS 2022-10-17 14:37:03 PDT
Committed 255653@main (b632f9d274f3): <https://commits.webkit.org/255653@main>

Reviewed commits have been landed. Closing PR #5360 and removing active labels.