Bug 238019 - CSP: report upon attempting to consume a forbidden preloaded resource
Summary: CSP: report upon attempting to consume a forbidden preloaded resource
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-03-17 06:06 PDT by Noam Rosenthal
Modified: 2022-03-22 09:06 PDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Noam Rosenthal 2022-03-17 06:06:13 PDT 
See https://github.com/whatwg/fetch/pull/1411 for spec
and https://github.com/web-platform-tests/wpt/pull/33205 for failing test


1. Open a page with CSP forbidding images
2. Load an image with a <link rel=preload as=image />
2. Consume the same image with <img />

The expected (newly spec'ed) behavior:
- the forbidden attempt to request the image should be reported twice

The actual result:
- One report
Comment 1 Radar WebKit Bug Importer 2022-03-22 08:49:38 PDT 
<rdar://problem/90638057>