[Webkit-unassigned] [Bug 185070] New: CSP: Implement `prefetch-src` directive
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 27 01:21:02 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=185070
Bug ID: 185070
Summary: CSP: Implement `prefetch-src` directive
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: yoav at yoav.ws
In order to block potential data leaks through prefetch requests, it was decided [1] that a `prefetch-src`CSP directive would be added and control such requests, and that prefetch requests would have their own `Request.initiator` and an empty string destination[2].
[1] https://github.com/w3c/webappsec-csp/issues/107
[2] https://github.com/whatwg/fetch/pull/659
Tests: http://w3c-test.org/content-security-policy/prefetch-src/
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180427/16c69e66/attachment.html>
More information about the webkit-unassigned
mailing list