mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-07-08 18:11:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
68113 commits 1 branch 0 tags 492 MiB
Commit graph

7 commits

Author SHA1 Message Date
Luke Wilde
7643a079c0 LibWeb: Enforce Content Security Policy of Fetch responses 2025-03-19 00:55:14 +01:00
Luke Wilde
51796e2d3a LibWeb: Report CSP violations for request 2025-03-19 00:55:14 +01:00
Luke Wilde
6f771f45e2 LibWeb: Enforce Content Security Policy on Fetch requests 2025-03-19 00:55:14 +01:00
Luke Wilde
86170f4bfd LibWeb/CSP: Introduce the ability to create and report a violation 
A violation provides several details about an enforcement failing, such
as the URL of the document, the directive that returned "Blocked", etc.
 2025-03-19 00:55:14 +01:00
Luke Wilde
02236be737 LibWeb/CSP: Implement SecurityPolicyViolationEvent 
This is used to report violations of policies to the element/global
object that caused it.
 2025-03-19 00:55:14 +01:00
Aliaksandr Kalenik
56971a4201 LibWeb: Delete FIXME debug log in PolicyList 
It adds too much spam in test runner output.
 2025-03-13 22:16:47 +01:00
Luke Wilde
e34a6c86b9 LibWeb: Introduce Content Security Policy policies and directives 
These form the basis of Content Security Policy. A policy is a
collection of directives that are parsed from either the
Content-Security-Policy(-Report-Only) HTTP header, or the `<meta>`
element.

The directives are what restrict the operations can be performed in the
current global execution context. For example, "frame-ancestors: none"
tells us to prevent the page from being loaded in an embedded context,
such as `<iframe>`.

You can see it a bit like OpenBSD's pledge() functionality, but for the
web platform: https://man.openbsd.org/pledge.2
 2025-03-04 14:27:19 +01:00