Bug 155773
| Summary: | CSP: Log deprecation warning for frame-src directive | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Daniel Bates <dbates> |
| Component: | WebCore Misc. | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED INVALID | ||
| Severity: | Normal | CC: | bfulgham |
| Priority: | P2 | ||
| Version: | WebKit Local Build | ||
| Hardware: | All | ||
| OS: | All | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=155777 | ||
Daniel Bates
The frame-src directive has been deprecated since CSP 2.0, <https://www.w3.org/TR/2015/CR-CSP2-20150721/#directive-frame-src>. Its replacement is the child-src directive. We should consider showing a console warning message when a Content Security Policy has a frame-src directive.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Daniel Bates
Maybe we should log a message of the form:
The frame-src directive is deprecated. Use the child-src directive instead.
Brent Fulgham
Ironically, the frame-src directive is no longer deprecated, and child-src is!