[Webkit-unassigned] [Bug 184149] Do CSP checks in the network process

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Apr 21 16:08:43 PDT 2018


https://bugs.webkit.org/show_bug.cgi?id=184149

--- Comment #2 from Daniel Bates <dbates at webkit.org> ---
(In reply to Ryosuke Niwa from comment #0)
> We should be checking CSP in the network process in process-per-origin.

Elaborating further the purpose of this bug is to perform CSP checks that operate on the HTTP response (e.g. frame-ancestor directive) or an HTTP redirect request in the network process. One of the benefits of performing such checks in the network process is that it avoids the need to send the HTTP response to the web content process for such analysis as the response may be for a cross-origin resource.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180421/a9a8f153/attachment.html>


More information about the webkit-unassigned mailing list