[Webkit-unassigned] [Bug 154521] New: CSP: Enable base-uri directive by default
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Feb 21 15:34:02 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=154521
Bug ID: 154521
Summary: CSP: Enable base-uri directive by default
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: All
OS: All
Status: NEW
Keywords: WebExposed
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dbates at webkit.org
CC: webkit-bug-importer at group.apple.com
Currently the Content Security Policy base-uri directive is guarded by ENABLE(CSP_NEXT) and a runtime flag, both are disabled by default. This directive has been part of the Content Security Policy spec. since version 1.1 and other browsers, Google Chrome, have enabled it by default for some time. We should enable it by default.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160221/e8534b5f/attachment.html>
More information about the webkit-unassigned
mailing list