Bug 89288
| Summary: | Content Security Policy sources should match against paths. | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Mike West <mkwst> |
| Component: | WebCore Misc. | Assignee: | Mike West <mkwst> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | abarth |
| Priority: | P2 | Keywords: | WebExposed |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Mike West
`script-src https://example.com/path/` should allow `https://example.com/path/to/javascript.js`, but deny `https://example.com/anotherpath/to/another.js`.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Adam Barth
We should probably create an ENABLE flag for CSP 1.1 features so we can work on this stuff while the spec is in flux.
Mike West
*** This bug has been marked as a duplicate of bug 89750 ***