Bug 185070 - CSP: Implement `prefetch-src` directive
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Ryan Reno
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-04-27 01:21 PDT by Yoav Weiss
Modified: 2022-10-17 14:37 PDT

Description Yoav Weiss 2018-04-27 01:21:02 PDT
In order to block potential data leaks through prefetch requests, it was decided [1] that a `prefetch-src` CSP directive would be added and control such requests, and that prefetch requests would have their own `Request.initiator` and an empty string destination [2].

[1] https://github.com/w3c/webappsec-csp/issues/107
[2] https://github.com/whatwg/fetch/pull/659


Tests: http://w3c-test.org/content-security-policy/prefetch-src/
Comment 1 Radar WebKit Bug Importer 2018-04-28 19:13:00 PDT
<rdar://problem/39821187>
Comment 2 Ryan Reno 2022-10-13 18:56:30 PDT
Pull request: https://github.com/WebKit/WebKit/pull/5360
Comment 3 EWS 2022-10-17 14:37:03 PDT
Committed 255653@main (b632f9d274f3): <https://commits.webkit.org/255653@main>

Reviewed commits have been landed. Closing PR #5360 and removing active labels.