<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body>
<p>
<div>
<b><a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0"
href="https://bugs.webkit.org/show_bug.cgi?id=155432#c7">Comment # 7</a>
on <a class="bz_bug_link
bz_status_RESOLVED bz_closed"
title="RESOLVED FIXED - REGRESSION (r197724): [GTK] Web Inspector: Images being blocked by CSP 2.0"
href="https://bugs.webkit.org/show_bug.cgi?id=155432">bug 155432</a>
from <span class="vcard"><a class="email" href="mailto:cgarcia@igalia.com" title="Carlos Garcia Campos <cgarcia@igalia.com>"> <span class="fn">Carlos Garcia Campos</span></a>
</span></b>
<pre>(In reply to <a href="show_bug.cgi?id=155432#c6">comment #6</a>)
<span class="quote">> Comment on <span class=""><a href="attachment.cgi?id=273962&action=diff" name="attach_273962" title="Patch">attachment 273962</a> <a href="attachment.cgi?id=273962&action=edit" title="Patch">[details]</a></span>
> Patch
>
> View in context:
> <a href="https://bugs.webkit.org/attachment.cgi?id=273962&action=review">https://bugs.webkit.org/attachment.cgi?id=273962&action=review</a>
>
> > Source/WebCore/ChangeLog:8
> > + The GTK+ port Web Inspector uses GResources for all internal
>
> Is this only necessary for the Web Inspector? If so, how did you come to the
> decision to allow the interpretation of source * for resource URLs for
> images and audio/video sub resources on all web pages as opposed to
> modifying the img-src and media-src directives in the Web Inspector's CSP
> policy to allow GResources.</span >
Because GResources are like a data URL in practice, so if we allow data URLs I don't see why not allowing GResources. They are always safe, so I don't think they should be blocked in any case.
<span class="quote">> > Source/WebCore/ChangeLog:9
> > + resources (images, fonts, scripts, etc.) that are now blocked by
>
> Does this issue affect JavaScripts scripts? I mean, the proposed change only
> affects the interpretation of source * for images and audio/video
> subresources.</span >
No, scripts were not affected.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>