Google Git
Sign in
webkit / WebKit / fb864a74a80c97f88a5a2c602ebd0f9f9422041e / Source / WebCore / page / csp / ContentSecurityPolicy.h
  1. aac6418 CSP: Improve compatibility of source matching by pgriffis@igalia.com · 3 years ago
  2. 623c3a5 CSP: WASM fails to execute after window.open by katherine_cheney@apple.com · 3 years ago
  3. 25ee0b9 Migrate manifest version content security policy filtering for extensions into WebKit by katherine_cheney@apple.com · 3 years ago
  4. 83f608c about:blank iframes do not always inherit parent CSP by katherine_cheney@apple.com · 3 years, 1 month ago
  5. efdc8890 Update CSP handling of javascript URLs by katherine_cheney@apple.com · 3 years, 1 month ago
  6. d831865 Use more StringView during CSP parsing by cdumez@apple.com · 3 years, 1 month ago
  7. fac23d1 CSP: Properly block image content in object elements by pgriffis@igalia.com · 3 years, 2 months ago
  8. afd8e4ef "Unrecognized Content-Security-Policy directive 'worker-src'." by katherine_cheney@apple.com · 3 years, 2 months ago
  9. d237297 CSP: Clean up effective-violation handling in reports by pgriffis@igalia.com · 3 years, 2 months ago
  10. c4848f2 CSP: Improve handling of multiple policies by pgriffis@igalia.com · 3 years, 3 months ago
  11. 6d83049 CSP: strict-dynamic is causing incorrect and unexpected behavior by katherine_cheney@apple.com · 3 years, 3 months ago
  12. 36e8257 Implement CSP strict-dynamic for module scripts by katherine_cheney@apple.com · 3 years, 3 months ago
  13. bdb3701f CSP: Include the sample in eval violation reports by carlosgc@webkit.org · 3 years, 3 months ago
  14. 7658fd6 CSP: Allow external scripts with SRI hashes matching CSP by pgriffis@igalia.com · 3 years, 4 months ago
  15. 4602fe8 Move TextCodec files from WebCore/platform/text to WebCore/PAL/text by don.olmstead@sony.com · 3 years, 4 months ago
  16. ea4b29d CSP: Update URL stripping in reports to match other implementations by pgriffis@igalia.com · 3 years, 4 months ago
  17. 5df2f63 CSP: Implement submitting samples in violation reports by pgriffis@igalia.com · 3 years, 4 months ago
  18. 11c4120 CSP: security policy violation event is always using document as target by carlosgc@webkit.org · 3 years, 4 months ago
  19. 21dfe61 Report the initiating url instead of the redirected one by commit-queue@webkit.org · 3 years, 4 months ago
  20. 4f0701e Implement nonce-hiding https://bugs.webkit.org/show_bug.cgi?id=179728 by pgriffis@igalia.com · 3 years, 5 months ago
  21. b5af993 Form action with a redirect should report correct blocked URI by katherine_cheney@apple.com · 3 years, 5 months ago
  22. 6e2fa9f [WebCore] Remove unneeded WTF:: namespace prefix by Hironori.Fujii@sony.com · 3 years, 5 months ago
  23. ea59827 CSP: Implement unsafe-hashes by katherine_cheney@apple.com · 3 years, 6 months ago
  24. a1b0b16 CSP: unsafe-eval tests timing out or failing by katherine_cheney@apple.com · 3 years, 6 months ago
  25. 59ef42c CSP: Implement 'strict-dynamic' source expression by katherine_cheney@apple.com · 3 years, 6 months ago
  26. 4ac584e [COOP] html/cross-origin-opener-policy/coop-navigate-same-origin-csp-sandbox.html WPT test is failing by cdumez@apple.com · 3 years, 7 months ago
  27. 3ebfbd5 Report correct blocked URI in CSP violation report by katherine_cheney@apple.com · 3 years, 7 months ago
  28. 0e7ff91 Avoid some calls to StringView::toString() / StringView::toStringWithoutCopying() by cdumez@apple.com · 3 years, 10 months ago
  29. a4ddc78 Remove WTF::Optional synonym for std::optional, using that class template directly instead by darin@apple.com · 3 years, 10 months ago
  30. 8fbd825 Blob URLs should use for their owner origin for CSP checks by youenn@apple.com · 4 years ago
  31. f1a8b00 Report the correct document uri in the case of a ContentSecurityPolicyClient by katherine_cheney@apple.com · 4 years, 1 month ago
  32. 0aca62b Unreviewed, rolling out r251861. by repstein@apple.com · 5 years ago
  33. b6952eda Use SecurityOriginData in NetworkProcess where possible without other changes by achristensen@apple.com · 5 years ago
  34. 52e98bb [JSC] Thread JSGlobalObject* instead of ExecState* by ysuzuki@apple.com · 5 years ago
  35. 622e869 [JSC] Change signature of HostFunction to (JSGlobalObject*, CallFrame*) by ysuzuki@apple.com · 5 years ago
  36. 123b1af Improve CSP inheritance semantics by dbates@webkit.org · 6 years ago
  37. b795b72 X-Frame-Options header should be ignored when frame-ancestors CSP directive is present by cdumez@apple.com · 6 years ago
  38. 267ddd4 ContentSecurityPolicy::logToConsole should include line/column number and source location by drousso@apple.com · 6 years ago
  39. 8b7a022 wtf/Optional.h: move-constructor and move-assignment operator should disengage the value being moved from by cdumez@apple.com · 6 years ago
  40. bb2f61c Move URL from WebCore to WTF https://bugs.webkit.org/show_bug.cgi?id=190234 by keith_miller@apple.com · 6 years ago
  41. 9223bcc Replace OptionSet |= and -= operators with add() and remove() functions by antti@apple.com · 7 years ago
  42. 5cea751 Cannot view PDF's on my.gov.au: "Refused to load https://my.gov.au/attachment/viewAttachment because it by dbates@webkit.org · 7 years ago
  43. a248f14 NetworkLoadChecker should not need to hard ref NetworkConnectionToWebProcess by youenn@apple.com · 7 years ago
  44. bf0182f Apply CSP checks before Content blocker checks in NetworkLoadChecker as done by CachedResourceLoader by youenn@apple.com · 7 years ago
  45. ae77ef4 REGRESSION (r231107): CSP report-only policies are ignored for beacon, importScripts, fetch(), EventSource, and XHR by dbates@webkit.org · 7 years ago
  46. 247e2f4 Check X-Frame-Options and CSP frame-ancestors in network process by dbates@webkit.org · 7 years ago
  47. e18740d Abstract logic to log console messages and send CSP violation reports into a client by dbates@webkit.org · 7 years ago
  48. 6f7aa39 CSP status-code incorrect for document blocked due to violation of its frame-ancestors directive by dbates@webkit.org · 7 years ago
  49. 41f504e CSP should be passed the referrer https://bugs.webkit.org/show_bug.cgi?id=185367 by dbates@webkit.org · 7 years ago
  50. 1295fb77 Rename JSDOMWindowProxy to JSWindowProxy by cdumez@apple.com · 7 years ago
  51. 4524dae NetworkLoadChecker should upgrade redirects if needed by youenn@apple.com · 7 years ago
  52. 1a2b4e3 Make it possible to call ContentSecurityPolicy::upgradeInsecureRequestIfNeeded() from non-main threads by cdumez@apple.com · 7 years ago
  53. 38d28fe [Web App Manifest] Support fetching the app manifest by commit-queue@webkit.org · 7 years ago
  54. 44fc687 [Beacon] Do connect-src CSP check on redirects as well by cdumez@apple.com · 8 years ago
  55. 7b29cef WebAssembly: disable some APIs under CSP by jfbastien@apple.com · 8 years ago
  56. 91d960b Missing <functional> includes make builds fail with GCC 7.x by aperez@igalia.com · 8 years ago
  57. 52f675f Rename JSDOMWindowShell to JSDOMWindowProxy to match the HTML5 spec. by commit-queue@webkit.org · 8 years ago
  58. 214daa3 Split cryptographic digest computation and parsing out of CSP code so it can be reused by weinig@apple.com · 8 years ago
  59. 8d002e7 [Mac][WK2] Add SPI to override the Content Security Policy of a page by dbates@webkit.org · 8 years ago
  60. 0aa713b Remove outdated ENABLE(CSP_NEXT) build flag by commit-queue@webkit.org · 8 years ago
  61. 2abec1b Implement Strict Mixed Content Checking by dbates@webkit.org · 8 years ago
  62. c4b09d1 [iOS] Sandbox QuickLook previews by dbates@webkit.org · 8 years ago
  63. 03af195 Refactor ContentSecurityPolicy::allow* methods by commit-queue@webkit.org · 9 years ago
  64. 01c956f Upgrade-Insecure-Request state is improperly retained between navigations by bfulgham@apple.com · 9 years ago
  65. a321639 CSP: object-src and plugin-types directives are not respected for plugin replacements by dbates@webkit.org · 9 years ago
  66. 927579e CSP: Improve support for multiple policies to more closely conform to the CSP Level 2 spec. by dbates@webkit.org · 9 years ago
  67. b30d7f8 CSP: Content Security Policy directive, upgrade-insecure-requests (UIR) by bfulgham@apple.com · 9 years ago
  68. 48b098a Unreviewed, rolling out r201679. https://bugs.webkit.org/show_bug.cgi?id=158464 by commit-queue@webkit.org · 9 years ago
  69. 7a950d4 CSP: Content Security Policy directive, upgrade-insecure-requests (UIR) by bfulgham@apple.com · 9 years ago
  70. 710d2ff CSP: Add app-specific workaround for Ecobee and Quora by dbates@webkit.org · 9 years ago
  71. 12b0904 REGRESSION (r196012): Subresource may be blocked by Content Security Policy if it only matches 'self' by dbates@webkit.org · 9 years ago
  72. 2e1bfea Remove more uses of Deprecated::ScriptXXX by darin@apple.com · 9 years ago
  73. 28db74a CSP: Ignore paths in CSP matching after redirects by dbates@webkit.org · 9 years ago
  74. 6d15f94 CSP: Remove experimental directive reflected-xss by dbates@webkit.org · 9 years ago
  75. 580f559 CSP: Move logic for reporting a violation from ContentSecurityPolicyDirectiveList to ContentSecurityPolicy by dbates@webkit.org · 9 years ago
  76. 153a0ad CSP: Simplify logic for checking policies by dbates@webkit.org · 9 years ago
  77. ebcf3d5 Cleanup: Remove the need to pass reporting status to ContentSecurityPolicy functions by dbates@webkit.org · 9 years ago
  78. 261b2dc CSP: Implement frame-ancestors directive by dbates@webkit.org · 9 years ago
  79. 5417dbd CSP: Implement support for script and style nonces by dbates@webkit.org · 9 years ago
  80. b5a87bf CSP: Implement support for inline script and inline style hashes by dbates@webkit.org · 9 years ago
  81. 8986cfc CSP: sandbox directive should be ignored when contained in a policy defined via a meta element by dbates@webkit.org · 9 years ago
  82. ac7a9e9 CSP: 'sandbox' should be ignored in report-only mode by dbates@webkit.org · 9 years ago
  83. 8c34a38 CSP: Implement child-src directive by dbates@webkit.org · 9 years ago
  84. 279cc4f CSP: Extract helper classes into their own files by dbates@webkit.org · 9 years ago
  85. 19e19f0 CSP: Allow Web Workers initiated from an isolated world to bypass the main world Content Security Policy by dbates@webkit.org · 9 years ago
  86. 869446a CSP: Support checking content security policy without a script execution context by dbates@webkit.org · 9 years ago
  87. e5b53f1 CSP: Use the served CSP header for dedicated workers by dbates@webkit.org · 9 years ago
  88. 5751965 Move ContentSecurityPolicy.{cpp, h} to its own directory by dbates@webkit.org · 9 years ago[Renamed from Source/WebCore/page/ContentSecurityPolicy.h]
  89. ae1ea97 Fix null pointer dereference in WebSocket::connect() by commit-queue@webkit.org · 9 years ago
  90. c1f8b3e Cleanup: Make ContentSecurityPolicy::ReportingStatus an enum class by dbates@webkit.org · 10 years ago
  91. 264add7 Isolated worlds should respect Content Security Policy; User Agent Shadow DOM by dbates@webkit.org · 10 years ago
  92. 7ee9b0d Replace 0 with nullptr in WebCore/Page. by commit-queue@webkit.org · 10 years ago
  93. ac92bae CSP: Drop 'script-nonce' directive. by mkwst@chromium.org · 11 years ago
  94. 66c8786 Move cross-port Source/WebCore/page/ code to std::unique_ptr by zandobersek@gmail.com · 11 years ago
  95. 9204733 .: Replace "Apple Computer, Inc." with "Apple Inc." in copyright headers by mjs@apple.com · 11 years ago
  96. c3523f8 Remove spaces between template angle brackets by andersca@apple.com · 11 years ago
  97. 5ffbb5c rename KURL to URL https://bugs.webkit.org/show_bug.cgi?id=16214 by darin@apple.com · 12 years ago
  98. 4da3e8d Replace ScriptState with JSC::ExecState by weinig@apple.com · 12 years ago
  99. 5b0379f CSP 1.1: Experiment with 'base-uri' directive. by mkwst@chromium.org · 12 years ago
  100. 39158bd CSP 1.1: Add 'effective-directive' to violation reports. by mkwst@chromium.org · 12 years ago