[Webkit-unassigned] [Bug 184149] Do CSP checks in the network process
bugzilla-daemon at webkit.org
Tue Apr 24 20:51:11 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=184149
youenn fablet <youennf at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|WONTFIX |---
--- Comment #5 from youenn fablet <youennf at gmail.com> ---
I think doing CSP checks in the network process is going in the right direction. Maybe not the most urgent thing to do but still good to do.
This has gains in terms of efficiency and security.
This will also allow simplifying the model of the loading code.
Ideally, we should only expose to WebProcess what fetch exposes, meaning whether a response is redirected or not. Currently we are exposing all redirect URLs, which might contain sensitive information.
Agreed that we are not there yet, so finalizing CSP checks in the Network process might not be the highest priority now.
--
You are receiving this mail because:
You are the assignee for the bug.