<html>
    <head>
      <base href="https://bugs.webkit.org/">
    </head>
    <body><span class="vcard"><a class="email" href="mailto:youennf@gmail.com" title="youenn fablet <youennf@gmail.com>"> <span class="fn">youenn fablet</span></a>
</span> changed
          <a class="bz_bug_link 
          bz_status_REOPENED "
   title="REOPENED - Do CSP checks in the network process"
   href="https://bugs.webkit.org/show_bug.cgi?id=184149">bug 184149</a>
          <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">Status</td>
           <td>RESOLVED
           </td>
           <td>REOPENED
           </td>
         </tr>

         <tr>
           <td style="text-align:right;">Resolution</td>
           <td>WONTFIX
           </td>
           <td>---
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_REOPENED "
   title="REOPENED - Do CSP checks in the network process"
   href="https://bugs.webkit.org/show_bug.cgi?id=184149#c5">Comment # 5</a>
              on <a class="bz_bug_link 
          bz_status_REOPENED "
   title="REOPENED - Do CSP checks in the network process"
   href="https://bugs.webkit.org/show_bug.cgi?id=184149">bug 184149</a>
              from <span class="vcard"><a class="email" href="mailto:youennf@gmail.com" title="youenn fablet <youennf@gmail.com>"> <span class="fn">youenn fablet</span></a>
</span></b>
        <pre>I think doing CSP checks in network process is going in the right direction. Maybe not the most urgent thing to do but still good to do.

This has gains in terms of efficiency and security.
This will also allow simplifying the model of the loading code.

Ideally, we should only expose to WebProcess what fetch exposes, meaning whether a response is redirected or not. Currently we are exposing all redirect URLs, which might contain sensitive information.
Agreed that we are not there yet, so finalizing CSP checks in Network process might not be the highest priority now.</pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>