[Webkit-unassigned] [Bug 173498] New: Skip Content Security Policy check for media request for blob: and other external schemes initiated from an element in user agent shadow tree

Fri Jun 16 15:51:25 PDT 2017

https://bugs.webkit.org/show_bug.cgi?id=173498

            Bug ID: 173498
           Summary: Skip Content Security Policy check for media request
                    for blob: and other external schemes initiated from an
                    element in user agent shadow tree
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: webkit-bug-importer at group.apple.com

Splitting off from <https://bugs.webkit.org/show_bug.cgi?id=155505>, we should skip enforcing the Content Security Policy (CSP) of the page for media loads to blob URLs and other external schemes that are initiated by an element in a user-agent shadow tree because such elements are considered an implementation detail and should not be exposed to web developers.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170616/40d53a65/attachment.html>