REOPENED 246615
protocol source matches for CSP of extensions 
https://bugs.webkit.org/show_bug.cgi?id=246615
Summary protocol source matches for CSP of extensions
Carlos J.
Reported 2022-10-17 04:46:05 PDT
To allow developers to enforce are more strict CSP, allow wildmark matches. Basically without wildmark matches I have to leave out the directive completely. One use case is limiting the set of images an extension is able to load in their own context. Normally, any image can be loaded within the extension, yet when you set this as CSP: default-src: none; img-src: https:; Only images from https can be loaded. Previously reported as: https://feedbackassistant.apple.com/feedback/8968973 https://developer.apple.com/forums/thread/669889
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2022-10-17 10:35:24 PDT
Thank you for the report. This will continue to be tracked by Apple internal as a Safari issue, not a WebKit one. rdar://73143960
Timothy Hatcher
Comment 2 2022-10-24 13:25:13 PDT
We are tracking bugs in Bugzilla for Web Extensions now as we move extensions support from Safari to WebKit.
Note You need to log in before you can comment on or make changes to this bug.