249596 – Store CSP delivered via meta tag as a valid HTTP header

Bug 249596 - Store CSP delivered via meta tag as a valid HTTP header

Summary: Store CSP delivered via meta tag as a valid HTTP header

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Ryan Reno

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-12-19 10:51 PST by Ryan Reno
Modified:	2022-12-19 17:06 PST (History)
CC List:	2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryan Reno 2022-12-19 10:51:30 PST

A meta delivered CSP could contain invalid HTTP header value characters (for example, newlines). We should strip those characters out and store the CSP as a valid HTTP header for later inheritance.

Comment 1 Ryan Reno 2022-12-19 10:51:47 PST

<rdar://problem/103170891>

Comment 2 Ryan Reno 2022-12-19 11:37:06 PST

Pull request: https://github.com/WebKit/WebKit/pull/7860

Comment 3 EWS 2022-12-19 17:06:23 PST

Committed 258110@main (0445ac553799): <https://commits.webkit.org/258110@main>

Reviewed commits have been landed. Closing PR #7860 and removing active labels.