[Webkit-unassigned] [Bug 155432] REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Mar 17 07:34:34 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=155432
--- Comment #11 from Daniel Bates <dbates at webkit.org> ---
(In reply to comment #9)
>
> > Unless we know that there are popular web sites that make use of resource
> > URLs and define a CSP that depends on * allowing such URLs then we should
> > revert <http://trac.webkit.org/changeset/198201> and take a similar approach
> > as in the fix for bug 155182 to add resource: to the image-src and media-src
> > directives in the CSP policy for the Web Inspector.
>
> No there isn't any website using resource URLs, because GResources are
> something internal to the application in the client side. We use GResources
> inside WebKit itself to compile all the resources (inspector files, but also
> webcire icons) in the shared library. That way we don't need to install the
> resources and find them in the file system at runtime, they are always
> available to any application linking to the library. GTK+ applications also
> compile their own GResources in their injected bundle library to make their
> own resources available to the web process. It's typically used for user
> scripts, custom error pages, about: pages, etc. So, GResources shouldn't be
> affected by the CSP at all, because they are never used by websites, but by
> applications as an implementation detail.
>
Then please revert <http://trac.webkit.org/changeset/198201> and add resource: to the list of schemes allowed by the web inspector.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160317/6b4d18da/attachment.html>
More information about the webkit-unassigned
mailing list