Bug
1809683 [wpt PR 37881] - Remove `prefetch-src` and use least-restrictive directive instead, a=testonly
Automatic update from web-platform-tests
Remove `prefetch-src` and use least-restrictive directive instead
This implements the spec:
https://w3c.github.io/webappsec-csp/#does-resource-hint-violate-policy
- Remove prefetch-src and anything related
- When CSP-testing a prefetch request, test if default-src or any
other directive allows for that source
- Remove use of 'prefetch-src' from nav-speculation
(spec issue: https://github.com/WICG/nav-speculation/issues/235)
- Add multiple WPTs to cover this.
Note that prefetch-src was erroneously enabled by default in 2021.
Bug:
1406444
Change-Id: I46bb76edaf7b280443ab4c3d4f6470bc30509d51
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/
4154428
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Noam Rosenthal <nrosenthal@chromium.org>
Cr-Commit-Position: refs/heads/main@{#
1104223}
--
wpt-commits:
021d1b5eb068f8f9a0791f70660a314508160b02
wpt-pr: 37881