249596 – Store CSP delivered via meta tag as a valid HTTP header

RESOLVED FIXED 249596

Store CSP delivered via meta tag as a valid HTTP header

https://bugs.webkit.org/show_bug.cgi?id=249596

Summary Store CSP delivered via meta tag as a valid HTTP header

Ryan Reno

Reported 2022-12-19 10:51:30 PST

A meta delivered CSP could contain invalid HTTP header value characters (for example, newlines). We should strip those characters out and store the CSP as a valid HTTP header for later inheritance.

Attachments
Add attachment proposed patch, testcase, etc.

Ryan Reno

Comment 1 2022-12-19 10:51:47 PST

<rdar://problem/103170891>

Ryan Reno

Comment 2 2022-12-19 11:37:06 PST

Pull request: https://github.com/WebKit/WebKit/pull/7860

EWS

Comment 3 2022-12-19 17:06:23 PST

Committed 258110@main (0445ac553799): <https://commits.webkit.org/258110@main> Reviewed commits have been landed. Closing PR #7860 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Page Loading

Assignee

Ryan Reno

Reported

2022-12-19 10:51 PST

Modified

2022-12-19 17:06 PST History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks