185364 – CSP should only notify Inspector to pause the debugger on the first policy to violate a directive

Bug 185364 - CSP should only notify Inspector to pause the debugger on the first policy to violate a directive

Summary: CSP should only notify Inspector to pause the debugger on the first policy to...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Local Build
Hardware:	All All

Importance:	P2 Normal
Assignee:	Daniel Bates

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2018-05-06 12:33 PDT by Daniel Bates
Modified:	2018-05-07 10:43 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (6.75 KB, patch) 2018-05-06 12:39 PDT, Daniel Bates	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Bates 2018-05-06 12:33:33 PDT

It seems sufficient to tell Web Inspector that a script was blocked once for the first enforced CSP policy that it violated. Currently we tell Web Inspector that a script was blocked for each enforced CSP policy that it violated. When Web Inspector is notified of a CSP blocked script it pauses script execution. It does not seem very meaningful from a developer's perspective to have Web Inspector pause script execution for the same script because it violated more than one enforced CSP policy. Pausing once with the CSP violation text should provide enough insight for a developer to check all their CSP policies.

For completeness, a page can have more than one Content Security Policy if either its HTTP response has more than one Content-Security-Policy HTTP header or it has multiple <meta http-equiv="Content-Security-Policy"> elements (or both).

Comment 1 Daniel Bates 2018-05-06 12:39:52 PDT

Created attachment 339689 [details]
Patch

Comment 2 Brent Fulgham 2018-05-06 13:16:51 PDT

Comment on attachment 339689 [details]
Patch

Good idea! r=me

Comment 3 Daniel Bates 2018-05-07 10:41:55 PDT

Comment on attachment 339689 [details]
Patch

Clearing flags on attachment: 339689

Committed r231443: <https://trac.webkit.org/changeset/231443>

Comment 4 Daniel Bates 2018-05-07 10:41:57 PDT

All reviewed patches have been landed.  Closing bug.

Comment 5 Radar WebKit Bug Importer 2018-05-07 10:43:01 PDT

<rdar://problem/40027826>