Bug 246616
| Summary: | Sandbox not working in CSP | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Carlos J. <carlosj-webkit-bugzilla> |
| Component: | WebKit Extensions | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | ||
| Severity: | Normal | CC: | ap, timothy |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Carlos J.
When the sandbox directive is included in the content_security_policy, even when it includes allow-scripts, it breaks all functionality from the extensions. It seems allow-scripts is simply ignored.
A test/demo version can be found here:
https://github.com/carlosjeurissen/webext-tech-demo-extensions/tree/main/issues/safari-9612454-sandbox-in-csp
In normal browsers, "loading..." should change to "loaded". Not in safari due to this issue.
Previously reported as:
https://feedbackassistant.apple.com/feedback/9612454
https://developer.apple.com/forums/thread/669989
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
This was fixed in iOS 15.4 outside WebKit. Please reopen if this still reproduces for you.
Carlos J.
Thanks!