<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - CSP error message when frame load is blocked does not read well"
href="https://bugs.webkit.org/show_bug.cgi?id=146279">146279</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>CSP error message when frame load is blocked does not read well
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>528+ (Nightly build)
</td>
</tr>
<tr>
<th>Hardware</th>
<td>All
</td>
</tr>
<tr>
<th>OS</th>
<td>All
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebCore Misc.
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>dbates@webkit.org
</td>
</tr></table>
<p>
<div>
<pre>When the Content Security Policy (CSP) blocks a frame load it emits an error message to the Web Inspector console that has the form:
Refused to frame '<a href="http://127.0.0.1:8000/security/contentSecurityPolicy/resources/alert-fail.html">http://127.0.0.1:8000/security/contentSecurityPolicy/resources/alert-fail.html</a>' because it violates the following Content Security Policy directive: "frame-src 'none'"
This error message does not read well. In particular, the phrase "Refused to frame" does not read well. We should make this error message read well so that it is clear that the CSP policy of the page blocked a frame load.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>