Intent to prototype and ship: wasm-unsafe-eval Content-Security-Policy directive

58 views
Skip to first unread message

Tom Schuster

unread,
Apr 20, 2022, 4:54:48 AMApr 20
to dev-pl...@mozilla.org
WebAssembly code generation and execution is now controlled by the Content-Security-Policy header. It can be allowed using the existing unsafe-eval directive or the more precise unsafe-wasm-eval directive. This means existing pages that use WASM and a strict CSP might break.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1740263
Specification: https://github.com/WebAssembly/content-security-policy, https://w3c.github.io/webappsec-csp/#can-compile-wasm-bytes
Discussion: https://github.com/WebAssembly/spec/issues/1393, https://github.com/w3c/webappsec-csp/pull/293
Platform coverage: all
Preference: security.csp.wasm-unsafe-eval.enabled

Other browsers:
Blink: Shipped in Stable (https://groups.google.com/a/chromium.org/g/blink-dev/c/5U_SgZ3r8QI/m/2a0578luBgAJ)

Tom Schuster

unread,
May 20, 2022, 10:14:32 AMMay 20
to dev-pl...@mozilla.org
After some delays this is now in Nightly and hopefully shipping in Firefox 102.
> --
> You received this message because you are subscribed to a topic in the Google Groups "dev-pl...@mozilla.org" group.
> To unsubscribe from this topic, visit https://groups.google.com/a/mozilla.org/d/topic/dev-platform/XzIMEc9_KAY/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to dev-platform...@mozilla.org.
> To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/5ae0e6c6-f74b-4e3f-a4a3-3eb909cb3bccn%40mozilla.org.
Reply all
Reply to author
Forward
0 new messages