[Webkit-unassigned] [Bug 154520] New: CSP: Enable form-action directive by default

Sun Feb 21 15:32:16 PST 2016

https://bugs.webkit.org/show_bug.cgi?id=154520

            Bug ID: 154520
           Summary: CSP: Enable form-action directive by default
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: WebExposed
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: webkit-bug-importer at group.apple.com

Currently the Content Security Policy form-action directive is guarded by ENABLE(CSP_NEXT) and a runtime flag, both are disabled by default. This directive has been part of the Content Security Policy spec. since version 1.1 and other browsers, Google Chrome, have enabled it by default for some time. We should enable it by default.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160221/2ea75783/attachment-0001.html>