[Webkit-unassigned] [Bug 155505] New: Skip Content Security Policy check for a media request initiated from an element in user-agent shadow tree

Tue Mar 15 12:34:06 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=155505

            Bug ID: 155505
           Summary: Skip Content Security Policy check for a media request
                    initiated from an element in user-agent shadow tree
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org

We should explicitly skip enforcing the Content Security Policy (CSP) of the page for media loads that are initiated by an element in a user-agent shadow tree because such elements are considered an implementation detail and should not be exposed to web developers. Currently we implicitly skip enforcement of CSP because media resources are treated as raw resources and we do not apply CSP to raw resources.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160315/1d3f9217/attachment.html>