WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
NEW
207039
Content blocker: add a new action that adds custom CSP
https://bugs.webkit.org/show_bug.cgi?id=207039
Summary
Content blocker: add a new action that adds custom CSP
Andrey Meshkov
Reported
2020-01-31 05:02:50 PST
AdGuard, uBlock Origin, and Adblock Plus provide this option and it is quite popular among filter lists maintainers. The idea is that content blockers should be able to add custom Content Security policies to pages matching the "url-filter". Please note, that this can only make CSP stricter because existing CSP must stay untouched. Here's how it could look like: "action": { "type": "add-csp", "csp": "script-src 'self' 'unsafe-eval'" } Example: One of the most popular use cases for this type of rules is disabling inline scripts. If this feature request is implemented, it could be done with a rule like this: "action": { "type": "add-csp", "csp": "script-src 'self' 'unsafe-eval' http: https:" }
Attachments
Add attachment
proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1
2020-01-31 21:55:01 PST
<
rdar://problem/59084750
>
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug