Update CSM destinations to CSP Level 3. #1536 #1536
Conversation
git status
|
CSP still defines |
|
I actually did update the CSP specifications for the entire row, sorry for not clarifying that |
|
That's alright, I looked at the entire PR, but none of the changes look correct to me. |
|
Got it, thank you for the update. I would still love to work on this issue, should this also update the additional destinations such as "frame"AND "iFrame" since they both return "frame-src"? From what I understand, the issue asks to update the list to Content Security Policy Level 3. The ref (https://w3c.github.io/webappsec-csp/#effective-directive-for-a-request) shows destinations such as 'script' to return 'script-src-elem' and more from the CSP level 3 list. If there is something I am not understanding, please let me know. Thank you! |
|
@ToniWilliams1 apologies, I missed #1466. Next time please mention the issue you are attempting to fix. We probably don't want to remove |
fetch.bs
Outdated
| @@ -1654,11 +1654,11 @@ not always relevant and might require different behavior. | |||
| <code>cursor</code>, CSS' <code>list-style-image</code>, … | |||
| <tr> | |||
| <td>"<code>audioworklet</code>" | |||
| <td><code>script-src</code> | |||
| <td><code>script-src-elem</code> | |||
There was a problem hiding this comment.
Let's list both, separated by a comma. Also, it seems you forgot the script-src for the script element below.
There was a problem hiding this comment.
I've now listed both style-src and style-src-elem. Also added the script-src for the script element below.
There was a problem hiding this comment.
I don't see that reflected when I click on "Files changed" above.
There was a problem hiding this comment.
is this issue still open?
fetch.bs
Outdated
| @@ -1678,11 +1678,11 @@ not always relevant and might require different behavior. | |||
| <td><code>Federated Credential Management requests</code> | |||
| <tr> | |||
| <td>"<code>worker</code>" | |||
| <td><code>child-src</code>, <code>script-src</code>, <code>worker-src</code> | |||
| <td><code>worker-src</code>, <code>script-src</code>, <code>worker-src</code> | |||
There was a problem hiding this comment.
Please revert this change. It already lists worker-src and it should continue to list child-src.
fetch.bs
Outdated
| <td><code>Worker</code> | ||
| <tr> | ||
| <td>"<code>style</code>" | ||
| <td><code>style-src</code> | ||
| <td><code>style-src-elem</code> |
There was a problem hiding this comment.
Let's list both here, as with script, separated by a comma.
There was a problem hiding this comment.
I've now added both style-src and stly-src-elem
ToniWilliams1
changed the title
|
Hey @ToniWilliams1 if you go to "Files changed" above you'll find that you have still changed two files. You will need to undo the changes to PULL_REQUEST_TEMPLATE.md. There's also still one |
(See WHATWG Working Mode: Changes for more details.)
Preview | Diff