Add support for the CSP connect-src directive
Created attachment 109653 [details] Patch
Comment on attachment 109653 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=109653&action=review This is a good first iteration, but it would be good to do a followup that handles redirects as well. > Source/WebCore/page/ContentSecurityPolicy.h:66 > + bool allowConnectFromSource(const KURL&) const; I would have called this "allowConnectToSource" > Source/WebCore/page/EventSource.cpp:95 > + if (!context->contentSecurityPolicy()->allowConnectFromSource(fullURL)) { > + // FIXME: Should this be throwing an exception? > + ec = SECURITY_ERR; > + return 0; > + } What about redirects? > Source/WebCore/xml/XMLHttpRequest.cpp:434 > + if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectFromSource(url)) { > + // FIXME: Should this be throwing an exception? > + ec = SECURITY_ERR; > + return; > + } Same question about redirects.
Committed r96621: <http://trac.webkit.org/changeset/96621>
*** Bug 63636 has been marked as a duplicate of this bug. ***