[Webkit-unassigned] [Bug 239840] REGRESSION (iOS 15.4): Worker csp with script-src 'strict-dynamic' and script-src-elem blocks importScripts that should pass

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Apr 30 10:44:30 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=239840

--- Comment #5 from Patrick Griffis <pgriffis at igalia.com> ---
Didn't write a test for it yet, and not sure this is the correct directive for everything that calls this method, but the most direct fix:

diff --git a/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp b/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
index 7d73ac8bfb97..c7466c36f437 100644
--- a/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
+++ b/Source/WebCore/page/csp/ContentSecurityPolicyDirectiveList.cpp
@@ -408,8 +408,7 @@ const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violat

 const ContentSecurityPolicyDirective* ContentSecurityPolicyDirectiveList::violatedDirectiveForScript(const URL& url, bool didReceiveRedirectResponse, const Vector<ResourceCryptographicDigest>& subResourceIntegrityDigests, const String& nonce) const
 {
-    auto* operativeDirective = this->operativeDirective(m_scriptSrc.get(), ContentSecurityPolicyDirectiveNames::scriptSrcElem);
+    auto* operativeDirective = this->operativeDirective(m_scriptSrcElem.get(), ContentSecurityPolicyDirectiveNames::scriptSrcElem);

     if (!operativeDirective
         || operativeDirective->containsAllHashes(subResourceIntegrityDigests)
         || checkNonce(operativeDirective, nonce)
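
Review bot: Every caller of violatedDirectiveForScript needs an audit before this lands, because the operativeDirective call at the top of the function now starts from m_scriptSrcElem.get() for all of them, not only for the worker importScripts case this bug concerns. Please also confirm that operativeDirective still falls back to script-src when m_scriptSrcElem is null; that fallback is not visible in this hunk, and a policy that sets only script-src must keep being enforced by the containsAllHashes and checkNonce checks that follow. The change has no test yet: a regression test for a worker policy that combines script-src 'strict-dynamic' with script-src-elem, as in the bug title, would pin the intended behaviour.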
