[Webkit-unassigned] [Bug 155505] New: Skip Content Security Policy check for a media request initiated from an element in user-agent shadow tree
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Mar 15 12:34:06 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=155505
Bug ID: 155505
Summary: Skip Content Security Policy check for a media request
initiated from an element in user-agent shadow tree
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dbates at webkit.org
We should explicitly skip enforcing the Content Security Policy (CSP) of the page for media loads that are initiated by an element in a user-agent shadow tree because such elements are considered an implementation detail and should not be exposed to web developers. Currently we implicitly skip enforcement of CSP because media resources are treated as raw resources and we do not apply CSP to raw resources.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160315/1d3f9217/attachment.html>
More information about the webkit-unassigned
mailing list