[Webkit-unassigned] [Bug 207039] New: Content blocker: add a new action that adds custom CSP
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jan 31 05:02:50 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=207039
Bug ID: 207039
Summary: Content blocker: add a new action that adds custom CSP
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebKit Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: am at adguard.com
AdGuard, uBlock Origin, and Adblock Plus provide this option and it is quite popular among filter lists maintainers.
The idea is that content blockers should be able to add custom Content Security policies to pages matching the "url-filter".
Please note, that this can only make CSP stricter because existing CSP must stay untouched.
Here's how it could look like:
"action": {
"type": "add-csp",
"csp": "script-src 'self' 'unsafe-eval'"
}
Example:
One of the most popular use cases for this type of rules is disabling inline scripts.
If this feature request is implemented, it could be done with a rule like this:
"action": {
"type": "add-csp",
"csp": "script-src 'self' 'unsafe-eval' http: https:"
}
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200131/e47f98a5/attachment.htm>
More information about the webkit-unassigned
mailing list