<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><span class="vcard"><a class="email" href="mailto:dbates@webkit.org" title="Daniel Bates <dbates@webkit.org>"> <span class="fn">Daniel Bates</span></a>
</span> changed
<a class="bz_bug_link
bz_status_NEW "
title="NEW - CSP: object-src and plugin-types directives are not respected for plugin replacements"
href="https://bugs.webkit.org/show_bug.cgi?id=159761">bug 159761</a>
<br>
<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>What</th>
<th>Removed</th>
<th>Added</th>
</tr>
<tr>
<td style="text-align:right;">Summary</td>
<td>CSP: Neither `object-src` nor `frame-src` blocks YouTube videos on iOS.
</td>
<td>CSP: object-src and plugin-types directives are not respected for plugin replacements
</td>
</tr></table>
<p>
<div>
<b><a class="bz_bug_link
bz_status_NEW "
title="NEW - CSP: object-src and plugin-types directives are not respected for plugin replacements"
href="https://bugs.webkit.org/show_bug.cgi?id=159761#c3">Comment # 3</a>
on <a class="bz_bug_link
bz_status_NEW "
title="NEW - CSP: object-src and plugin-types directives are not respected for plugin replacements"
href="https://bugs.webkit.org/show_bug.cgi?id=159761">bug 159761</a>
from <span class="vcard"><a class="email" href="mailto:dbates@webkit.org" title="Daniel Bates <dbates@webkit.org>"> <span class="fn">Daniel Bates</span></a>
</span></b>
<pre>This issue affects plugin replacement content in general. We neither respect the object-src directive nor the plugin-types directive for plugin replacements. At the time of writing we have plugin replacements for YouTube flash videos and the QuickTime plugin.
Currently we apply these directives to an HTML object/element that either loads an actual plugin or creates a nested browsing context (acts like an &lt;iframe&gt;). We also need to apply these directives when we make use of a plugin replacement.</pre>
</div>
</p>
</body>
</html>