[webkit-reviews] review granted: [Bug 235260] "Unrecognized Content-Security-Policy directive 'worker-src'." : [Attachment 449581] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 27 09:11:06 PST 2022
Brent Fulgham <bfulgham at webkit.org> has granted Kate Cheney
<katherine_cheney at apple.com>'s request for review:
Bug 235260: "Unrecognized Content-Security-Policy directive 'worker-src'."
https://bugs.webkit.org/show_bug.cgi?id=235260
Attachment 449581: Patch
https://bugs.webkit.org/attachment.cgi?id=449581&action=review
--- Comment #10 from Brent Fulgham <bfulgham at webkit.org> ---
Comment on attachment 449581
--> https://bugs.webkit.org/attachment.cgi?id=449581
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=449581&action=review
Awesome work, Kate! r=me
> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:619
> + String consoleMessage =
consoleMessageForViolation(ContentSecurityPolicyDirectiveNames::workerSrc,
violatedDirective, blockedURL, "Refused to load");
Nit: consoleMessage could be auto.
> Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp:155
> +{
I found this ChangeLog comment to be helpful. I wonder if it might be useful to
reference here (perhaps with a spec reference):
// worker-src defers to child-src, then script-src, then default-src.
> LayoutTests/imported/w3c/ChangeLog:90
> + *
web-platform-tests/content-security-policy/gen/top.meta/worker-src-self/worker-
import-data.https-expected.txt:
So exciting to see! :-)
> LayoutTests/TestExpectations:-489
>
-imported/w3c/web-platform-tests/content-security-policy/gen/top.http-rp/script
-src-self/worker-import-data.https.html [ Skip ]
Yes!!!
>
LayoutTests/imported/w3c/web-platform-tests/content-security-policy/blob/self-d
oesnt-match-blob.sub-expected.txt:4
> +PASS Expecting logs: ["violated-directive=worker-src","TEST COMPLETE"]
:-)
More information about the webkit-reviews
mailing list