RESOLVED FIXED 69353
Add support for the CSP connect-src directive 
https://bugs.webkit.org/show_bug.cgi?id=69353
Summary Add support for the CSP connect-src directive
Sam Weinig
Reported 2011-10-04 11:00:56 PDT
Add support for the CSP connect-src directive
Attachments
Patch (17.75 KB, patch)
2011-10-04 11:09 PDT, Sam Weinig 		abarth: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Sam Weinig
Comment 1 2011-10-04 11:09:46 PDT
Created attachment 109653 [details] Patch
Adam Barth
Comment 2 2011-10-04 11:16:22 PDT
Comment on attachment 109653 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=109653&action=review This is a good first iteration, but it would be good to do a followup that handles redirects as well. > Source/WebCore/page/ContentSecurityPolicy.h:66 > + bool allowConnectFromSource(const KURL&) const; I would have called this "allowConnectToSource" > Source/WebCore/page/EventSource.cpp:95 > + if (!context->contentSecurityPolicy()->allowConnectFromSource(fullURL)) { > + // FIXME: Should this be throwing an exception? > + ec = SECURITY_ERR; > + return 0; > + } What about redirects? > Source/WebCore/xml/XMLHttpRequest.cpp:434 > + if (!scriptExecutionContext()->contentSecurityPolicy()->allowConnectFromSource(url)) { > + // FIXME: Should this be throwing an exception? > + ec = SECURITY_ERR; > + return; > + } Same question about redirects.
Sam Weinig
Comment 3 2011-10-04 11:29:29 PDT
Committed r96621: <http://trac.webkit.org/changeset/96621>
Sam Weinig
Comment 4 2011-10-04 17:48:19 PDT
*** Bug 63636 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.