[Webkit-unassigned] [Bug 184149] Do CSP checks in the network process

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Apr 24 20:51:11 PDT 2018


youenn fablet <youennf at gmail.com> changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |---

--- Comment #5 from youenn fablet <youennf at gmail.com> ---
I think doing CSP checks in network process is going in the right direction. Maybe not the most urgent thing to do but still good to do.

This has gains in terms of efficiency and security.
This will also allow simplifying the model of the loading code.

Ideally, we should only expose to WebProcess what fetch exposes, meaning whether a response is redirected or not. Currently we are exposing all redirect URLs, which might contain sensitive information.
Agreed that we are not there yet, so finalizing CSP checks in Network process might not be the highest priority now.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180425/19967339/attachment-0001.html>

More information about the webkit-unassigned mailing list