RESOLVED FIXED Bug 185364
CSP should only notify Inspector to pause the debugger on the first policy to violate a directive 
https://bugs.webkit.org/show_bug.cgi?id=185364
Summary CSP should only notify Inspector to pause the debugger on the first policy to...
Daniel Bates
Reported 2018-05-06 12:33:33 PDT
It seems sufficient to tell Web Inspector that a script was blocked once for the first enforced CSP policy that it violated. Currently we tell Web Inspector that a script was blocked for each enforced CSP policy that it violated. When Web Inspector is notified of a CSP blocked script it pauses script execution. It does not seem very meaningful from a developer's perspective to have Web Inspector pause script execution for the same script because it violated more than one enforced CSP policy. Pausing once with the CSP violation text should provide enough insight for a developer to check all their CSP policies. For completeness, a page can have more than one Content Security Policy if either its HTTP response has more than one Content-Security-Policy HTTP header or it has multiple <meta http-equiv="Content-Security-Policy"> elements (or both).
Attachments
Patch (6.75 KB, patch)
2018-05-06 12:39 PDT, Daniel Bates 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Daniel Bates
Comment 1 2018-05-06 12:39:52 PDT
Created attachment 339689 [details] Patch
Brent Fulgham
Comment 2 2018-05-06 13:16:51 PDT
Comment on attachment 339689 [details] Patch Good idea! r=me
Daniel Bates
Comment 3 2018-05-07 10:41:55 PDT
Comment on attachment 339689 [details] Patch Clearing flags on attachment: 339689 Committed r231443: <https://trac.webkit.org/changeset/231443>
Daniel Bates
Comment 4 2018-05-07 10:41:57 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 5 2018-05-07 10:43:01 PDT
<rdar://problem/40027826>
Note You need to log in before you can comment on or make changes to this bug.