RESOLVED FIXED 113307
CSP 1.1: Experiment with 'base-uri' directive.
https://bugs.webkit.org/show_bug.cgi?id=113307
Summary CSP 1.1: Experiment with 'base-uri' directive.
Mike West
Reported 2013-03-26 06:58:59 PDT
https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#base-uri defines a 'base-uri' directive which restricts the valid URIs which can be used to set the document's base URI. In order to feed implementation experience back into the working group, and to get a feel for how the API would work (and whether it addresses the use cases we care about), we should put together an experimental implementation behind the CSP_NEXT flag.
Spec: https://dvcs.w3.org/hg/content-security-policy/rev/4b89c246ea16
Thread: http://lists.w3.org/Archives/Public/public-webappsec/2013Feb/0074.html
Attachments
Patch (13.75 KB, patch)
2013-03-26 07:07 PDT, Mike West
no flags
Mike West
Comment 1 2013-03-26 07:07:06 PDT
Mike West
Comment 2 2013-03-26 07:11:40 PDT
Hey Jochen, I'm not sure if you're interested in reviewing CSP patches while Adam's out. If you are, would you mind taking a look at this one? If not, I'll poke Eric later. This isn't at all high-priority, so no rush. Thanks!
jochen
Comment 3 2013-03-26 07:20:19 PDT
Comment on attachment 195079 Patch
ok
Mike West
Comment 4 2013-03-26 07:30:19 PDT
Cool. Once the CSP_NEXT bots are happy, I'll CQ the patch.
WebKit Review Bot
Comment 5 2013-03-26 08:25:14 PDT
Comment on attachment 195079 Patch
Clearing flags on attachment: 195079
Committed r146886: <http://trac.webkit.org/changeset/146886>
WebKit Review Bot
Comment 6 2013-03-26 08:25:17 PDT
All reviewed patches have been landed. Closing bug.