Bug 246616

Summary: Sandbox not working in CSP
Product: WebKit Reporter: Carlos J. <carlosj-webkit-bugzilla>
Component: WebKit ExtensionsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED    
Severity: Normal CC: ap, timothy
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Carlos J. 2022-10-17 04:48:57 PDT 
When the sandbox directive is included in the content_security_policy, even when it includes allow-scripts, it breaks all functionality from the extensions. It seems allow-scripts is simply ignored.

A test/demo version can be found here:
https://github.com/carlosjeurissen/webext-tech-demo-extensions/tree/main/issues/safari-9612454-sandbox-in-csp

In normal browsers, "loading..." should change to "loaded". Not in safari due to this issue.

Previously reported as:
https://feedbackassistant.apple.com/feedback/9612454
https://developer.apple.com/forums/thread/669989
Comment 1 Alexey Proskuryakov 2022-10-17 10:34:26 PDT 
This was fixed in iOS 15.4 outside WebKit. Please reopen if this still reproduces for you.
Comment 2 Carlos J. 2022-10-18 06:29:18 PDT 
Thanks!