[Webkit-unassigned] [Bug 245249] New: Worker content security policy limits outer page
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 15 15:33:26 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=245249
Bug ID: 245249
Summary: Worker content security policy limits outer page
Product: WebKit
Version: WebKit Nightly Build
Hardware: iPhone / iPad
OS: Other
Status: NEW
Severity: Normal
Priority: P2
Component: Service Workers
Assignee: webkit-unassigned at lists.webkit.org
Reporter: nb at 8thwall.com
* This is a Worker() issue, not a Service Worker issue, but there is no Worker component *
* This is an iOS 16 issue but there is no iOS 16 dropdown for OS */
On iOS 16 we are seeing web workers fail to load. The workers are loaded from a page without a content security policy header. The workers themselves are served with https header `content-security-policy: sandbox; default-src none`. The intent is for the outer page to load and run the worker, but to sandbox the worker itself.
This works well on chrome and all recent versions of iOS prior to 16.
On iOS 16, the worker:
- Fails to load the URL (it doesn't show up in the network inspector tag).
- Does not report a security error.
- Calls onerror event with no message or details about the nature of the error. This is of type Event, not ErrorEvent.
It would be great to fix this so that the site can still load the worker.
If the error is intended, the onerror event should be an ErrorEvent with a message.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220915/2ff132e9/attachment-0001.htm>
More information about the webkit-unassigned
mailing list