[webkit-reviews] review granted: [Bug 182160] CSP post checks should be done for service worker responses : [Attachment 332344] Patch
bugzilla-daemon at webkit.org
Thu Jan 25 19:56:28 PST 2018
Daniel Bates <dbates at webkit.org> has granted youenn fablet
<youennf at gmail.com>'s request for review:
Bug 182160: CSP post checks should be done for service worker responses
https://bugs.webkit.org/show_bug.cgi?id=182160
Attachment 332344: Patch
https://bugs.webkit.org/attachment.cgi?id=332344&action=review
--- Comment #8 from Daniel Bates <dbates at webkit.org> ---
Comment on attachment 332344
--> https://bugs.webkit.org/attachment.cgi?id=332344
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=332344&action=review
This patch does more than add a CSP check. It also adds a mixed content check.
We also need to add a nosniff check and the Fetch spec also has a MIME type
check. Do you plan to follow up to add the other checks?
> Source/WebCore/loader/SubresourceLoader.cpp:305
> + || !loader.checkInsecureContent(m_resource->type(),
response.url())) {
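Review bot: the added condition at SubresourceLoader.cpp:305 hands response.url() to checkInsecureContent along with m_resource->type(), so the mixed content decision depends on the URL carried by the response. Since the bug concerns responses that come from a service worker, a short comment stating that the response URL is the intended input to this check would make the condition easier to audit.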
Please add test(s) for mixed content.