Bug 246616 - Sandbox not working in CSP
Summary: Sandbox not working in CSP
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Extensions (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-17 04:48 PDT by Carlos J.
Modified: 2022-10-18 06:29 PDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos J. 2022-10-17 04:48:57 PDT 
When the sandbox directive is included in the content_security_policy, even when it includes allow-scripts, it breaks all functionality from the extensions. It seems allow-scripts is simply ignored.

A test/demo version can be found here:
https://github.com/carlosjeurissen/webext-tech-demo-extensions/tree/main/issues/safari-9612454-sandbox-in-csp

In normal browsers, "loading..." should change to "loaded". Not in safari due to this issue.

Previously reported as:
https://feedbackassistant.apple.com/feedback/9612454
https://developer.apple.com/forums/thread/669989
Comment 1 Alexey Proskuryakov 2022-10-17 10:34:26 PDT 
This was fixed in iOS 15.4 outside WebKit. Please reopen if this still reproduces for you.
Comment 2 Carlos J. 2022-10-18 06:29:18 PDT 
Thanks!