WebAssembly code generation and execution is now controlled by the Content-Security-Policy header. It can be allowed using the existing unsafe-eval directive or the more precise unsafe-wasm-eval directive. This means existing pages that use WASM and a strict CSP might break.
Bug: <https://bugzilla.mozilla.org/show_bug.cgi?id=1735746> https://bugzilla.mozilla.org/show_bug.cgi?id=1740263 Specification: https://github.com/WebAssembly/content-security-policy, https://w3c.github.io/webappsec-csp/#can-compile-wasm-bytes Discussion: https://github.com/WebAssembly/spec/issues/1393, https://github.com/w3c/webappsec-csp/pull/293 Platform coverage: all Preference: security.csp.wasm-unsafe-eval.enabled Other browsers: Blink: Shipped in Stable (https://groups.google.com/a/chromium.org/g/blink-dev/c/5U_SgZ3r8QI/m/2a0578luBgAJ) WebKit: <https://github.com/WebKit/WebKit/commit/91bba6b31fd89aaec6e4e9ed5a44d9bb3c91c413> https://bugs.webkit.org/show_bug.cgi?id=235408 Web-platform-tests: https://github.com/web-platform-tests/wpt/tree/master/content-security-policy/wasm-unsafe-eval -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/5ae0e6c6-f74b-4e3f-a4a3-3eb909cb3bccn%40mozilla.org.
