[Webkit-unassigned] [Bug 184149] Do CSP checks in the network process

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 25 06:39:01 PDT 2018


--- Comment #6 from Daniel Bates <dbates at webkit.org> ---
(In reply to youenn fablet from comment #5)
> I think doing CSP checks in network process is going in the right direction.
> Maybe not the most urgent thing to do but still good to do.
> This has gains in terms of efficiency and security.

Can you please elaborate on security?

> This will also allow simplifying the model of the loading code.

I am unclear how this will allow us to simplify the model of loading code given that we will need to keep the same checks in the Web process for legacy WebKit and hence need to avoid performing the same check twice if we add checks in the network process as well as need to either pass script execution state to the network process or have it call back to the web process in order to provide source code line information when sending the violation report and dispatching the DOM SecurityPolicyViolatioj event.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180425/3b7ec4bc/attachment.html>

More information about the webkit-unassigned mailing list