173498 – Skip Content Security Policy check for media request for blob: and other custom schemes initiated from an element in user agent shadow tree

NEW 173498

Skip Content Security Policy check for media request for blob: and other custom schemes initiated from an element in user agent shadow tree

https://bugs.webkit.org/show_bug.cgi?id=173498

Summary Skip Content Security Policy check for media request for blob: and other cust...

Daniel Bates

Reported 2017-06-16 15:51:25 PDT

Splitting off from <https://bugs.webkit.org/show_bug.cgi?id=155505>, we should skip enforcing the Content Security Policy (CSP) of the page for media loads to blob URLs and other external schemes that are initiated by an element in a user-agent shadow tree because such elements are considered an implementation detail and should not be exposed to web developers.

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2017-06-16 15:51:41 PDT

<rdar://problem/32825307>

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2017-06-16 15:51 PDT

Modified

2017-06-16 16:02 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks