[Webkit-unassigned] [Bug 154299] New: CSP: sandbox directive should be ignored when contained in a policy defined via a meta element

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 16 11:18:10 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=154299

            Bug ID: 154299
           Summary: CSP: sandbox directive should be ignored when
                    contained in a policy defined via a meta element
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: WebExposed
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: webkit-bug-importer at group.apple.com

The Content Security Policy sandbox directive should only be honored when enforcing a policy defined via an HTTP header, as per the sandbox section of the Content Security Policy 2.0 spec, <https://www.w3.org/TR/CSP2/#directive-sandbox> (21 July 2015):

[[
The sandbox directive will be ignored when monitoring a policy, and when contained in a policy defined via a meta element. Moreover, this directive has no effect when monitored, and has no reporting requirements.
]]

-- 
You are receiving this mail because:
You are the assignee for the bug.
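
The rule quoted in the report, sketched as an added example (not part of the bug report and not WebKit's code): the sandbox directive is dropped when the policy arrives via a meta element or is only being monitored. The function names, the `source`/`disposition` values and the sample policy are assumptions made for illustration.

```javascript
// Added illustration; all names here are hypothetical, not WebKit's API.

// Parse a serialized policy into a Map of directive name -> list of values.
// Directive names are matched case-insensitively and a repeated directive
// is ignored (the first occurrence wins), as in CSP 2.0 policy parsing.
function parsePolicy(policyText) {
  const directives = new Map();
  for (const token of policyText.split(';')) {
    const parts = token.trim().split(/\s+/).filter(Boolean);
    if (parts.length === 0) continue; // empty token, e.g. trailing ';'
    const name = parts[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, parts.slice(1));
  }
  return directives;
}

// source:      'header' (HTTP response header) or 'meta' (<meta http-equiv>)
// disposition: 'enforce' or 'report' (monitored, report-only policy)
// Returns the directives that remain in effect and the names that were ignored.
function effectiveDirectives(policyText, source, disposition) {
  const directives = parsePolicy(policyText);
  const ignored = [];
  // sandbox only counts for an enforced policy delivered in an HTTP header.
  if (directives.has('sandbox') &&
      (source === 'meta' || disposition === 'report')) {
    directives.delete('sandbox');
    ignored.push('sandbox');
  }
  return { directives, ignored };
}

// True when the policy would actually sandbox the document.
function isSandboxed(policyText, source, disposition) {
  return effectiveDirectives(policyText, source, disposition)
    .directives.has('sandbox');
}

// Constructed sample policy (mixed case and a duplicate directive on purpose).
const SAMPLE = "default-src 'self'; SANDBOX allow-scripts; sandbox allow-forms";

console.log(isSandboxed(SAMPLE, 'header', 'enforce')); // header, enforced
console.log(isSandboxed(SAMPLE, 'meta', 'enforce'));   // meta element
console.log(isSandboxed(SAMPLE, 'header', 'report'));  // monitored policy
```

The other directives of a meta-delivered policy stay in force; only sandbox is removed, so a regression test for this bug should check both halves.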