Bug 207039 - Content blocker: add a new action that adds custom CSP
Summary: Content blocker: add a new action that adds custom CSP
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-01-31 05:02 PST by Andrey Meshkov
Modified: 2021-08-10 15:36 PDT (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Meshkov 2020-01-31 05:02:50 PST 
AdGuard, uBlock Origin, and Adblock Plus provide this option and it is quite popular among filter lists maintainers.

The idea is that content blockers should be able to add custom Content Security policies to pages matching the "url-filter".
Please note, that this can only make CSP stricter because existing CSP must stay untouched.

Here's how it could look like:

    "action": {
        "type": "add-csp",
        "csp": "script-src 'self' 'unsafe-eval'"
    }

Example:

One of the most popular use cases for this type of rules is disabling inline scripts.
If this feature request is implemented, it could be done with a rule like this:

    "action": {
        "type": "add-csp",
        "csp": "script-src 'self' 'unsafe-eval' http: https:"
    }
Comment 1 Radar WebKit Bug Importer 2020-01-31 21:55:01 PST 
<rdar://problem/59084750>