[Webkit-unassigned] [Bug 167810] New: [Mac][WK2] Add SPI to override the Content Security Policy of a page

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 3 12:16:42 PST 2017


            Bug ID: 167810
           Summary: [Mac][WK2] Add SPI to override the Content Security
                    Policy of a page
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Macintosh
                OS: macOS 10.12
            Status: NEW
          Keywords: PlatformOnly
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: andersca at apple.com, jer.noble at apple.com,
                    sam at webkit.org

An embedding client may want to impose content restrictions when loading third-party web pages to prevent content injections and ensure a consistent user experience regardless of how the third party content was produced.

One way to do this is to make use of a Content Security Policy to impose content restrictions. An embedding client could use API/SPI to define a Content Security Policy to be applied to all subsequently loaded pages that takes precedence over the Content Security Policy delivered with a page.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170203/f99e0ddb/attachment.html>

More information about the webkit-unassigned mailing list