<html>

    <head>

      <base href="https://bugs.webkit.org/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW - REGRESSION(r206165): [GTK] Web inspector broken since r206165"

   href="https://bugs.webkit.org/show_bug.cgi?id=162387">162387</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>REGRESSION(r206165): [GTK] Web inspector broken since r206165

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>WebKit

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>WebKit Local Build

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>Unspecified

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Unspecified

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Keywords</th>

          <td>Gtk

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>Normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P2

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>WebKit Gtk

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>webkit-unassigned&#64;lists.webkit.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>cgarcia&#64;igalia.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>achristensen&#64;apple.com, bugs-noreply&#64;webkitgtk.org, sam&#64;webkit.org

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Web inspector no longer works after r206165 because it fails to load all resources with messages like:

CONSOLE ERROR Refused to load resource:///org/webkitgtk/inspector/UserInterface/External/CodeMirror/codemirror.css because it does not appear in the style-src directive of the Content Security Policy.

CONSOLE ERROR Refused to load resource:///org/webkitgtk/inspector/UserInterface/External/CodeMirror/codemirror.js because it does not appear in the script-src directive of the Content Security Policy.

Adding resource: to style-src or script-src doesn't work, resources are indeed loaded, but then it fails with:

resource:///org/webkitgtk/inspector/UserInterface/Base/Setting.js:61:44: CONSOLE ERROR SecurityError (DOM Exception 18): The operation is insecure.

resource:///org/webkitgtk/inspector/UserInterface/Main.html:1:21: CONSOLE ERROR ReferenceError: Can't find variable: InspectorFrontendAPI

Because since r206165 resource scheme is considered as unique origin. Simply including resource in the list of schemes checked in shouldTreatAsUniqueOrigin() would fix it, but I'm not sure it's really correct, because that's supposed to be the list of special schemes according to the spec (<a href="https://url.spec.whatwg.org/#origin">https://url.spec.whatwg.org/#origin</a>).</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are the assignee for the bug.</li>

      </ul>

    </body>

</html>