&WidgetDAOReadOnly::getWidgetType>::Get),
CspPolicy(this, &BindToWidgetDAO<DPL::OptionalString,
&WidgetDAOReadOnly::getCspPolicy>::Get),
+ CspReportOnlyPolicy(this, &BindToWidgetDAO<DPL::OptionalString,
+ &WidgetDAOReadOnly::getCspPolicyReportOnly>::Get),
ActualSize(this),
PreferredSize(this,
&BindToWidgetDAO<WidgetSize,
DPL::Event::PropertyStorageDynamicCached> CspPolicy;
/**
+ * @brief Config file based csp policy - report only
+ */
+ DPL::Event::Property<DPL::OptionalString,
+ DPL::Event::PropertyReadOnly,
+ DPL::Event::PropertyStorageDynamicCached>
+ CspReportOnlyPolicy;
+
+ /**
* @brief Current widget actual size
*/
DPL::Event::Property<WidgetSize> ActualSize;
Assert(wkView);
#ifdef CSP_ENABLED
+ ewk_context_tizen_extensible_api_set(
+ m_ewkContext, EWK_EXTENSIBLE_API_CSP, true);
LogInfo("Setting CSP default policy");
// setting CSP policy rules
ewk_view_content_security_policy_set(
- wkView, "default-src 'self';", EWK_ENFORCE_POLICY);
+ wkView,
+ "default-src '*'; script-src 'self'; style-src 'self'; object-src 'none';",
+ EWK_ENFORCE_POLICY);
LogInfo("Default policy set");
DPL::OptionalString policy = m_model->CspPolicy.Get();
LogDebug("Config CSP policy is not present");
}
- //TODO: support report only csp will be added soon
+ policy = m_model->CspReportOnlyPolicy.Get();
+ if (!(policy.IsNull()))
+ {
+ LogDebug("CSP report only policy present in manifest: " << *policy);
+ ewk_view_content_security_policy_set(
+ wkView, DPL::ToUTF8String(*policy).c_str(), EWK_REPORT_ONLY);
+ } else {
+ LogDebug("Config CSP report only policy is not present");
+ }
LogInfo("CSP set.");
#endif