[Webkit-unassigned] [Bug 184031] New: CSP: Implement 'strict-dynamic' source expression
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Mar 26 20:57:53 PDT 2018
https://bugs.webkit.org/show_bug.cgi?id=184031
Bug ID: 184031
Summary: CSP: Implement 'strict-dynamic' source expression
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
URL: See
https://w3c.github.io/webappsec-csp/#strict-dynamic-us
age
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: mike at w3.org
See https://w3c.github.io/webappsec-csp/#strict-dynamic-usage
The CSP 'strict-dynamic' source expression is a way for CSP policies to (1) specify that if a CSP-trusted script loads other scripts, the UA must propagate its trustedness to any other scripts it loads, while also (2) specifying that the UA must ignore any host-source and scheme-source expressions which might also be provided in the policy — as well as ignoring the "'unsafe-inline'" and "'self' keyword-sources if they are provided in the policy.
Gecko and Blink/Chrome already have 'strict-dynamic' support (not sure if Edge does or not yet).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20180327/86418e96/attachment.html>
More information about the webkit-unassigned
mailing list