[Webkit-unassigned] [Bug 154521] New: CSP: Enable base-uri directive by default

Sun Feb 21 15:34:02 PST 2016

https://bugs.webkit.org/show_bug.cgi?id=154521

            Bug ID: 154521
           Summary: CSP: Enable base-uri directive by default
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: WebExposed
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: webkit-bug-importer at group.apple.com

Currently the Content Security Policy base-uri directive is guarded by ENABLE(CSP_NEXT) and a runtime flag, both are disabled by default. This directive has been part of the Content Security Policy spec. since version 1.1 and other browsers, Google Chrome, have enabled it by default for some time. We should enable it by default.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160221/e8534b5f/attachment.html>