Closed Bug 1289471 Opened 8 years ago Closed 7 years ago

Implement Subresource Integrity (SRI) on treeherder.mozilla.org

Tracking

(Not tracked)

Status:

RESOLVED WONTFIX

People

(Reporter: emorley, Unassigned)

References

(Blocks 1 open bug)

Details

Ed Morley [:emorley]

Reporter

Description

•

8 years ago

From bug 1270153: [ -5] Subresource Integrity (SRI) not implemented, but all external scripts are loaded over https See: https://wiki.mozilla.org/Security/Guidelines/Web_Security#Subresource_Integrity Currently the only resources we pull from third-party origins are for Persona. Once bug 1273034 removes Persona we will probably not need to do this (and will instead just crank up the CSP policy to forbid non same-origin scripts/... in bug 1270157).

Ed Morley [:emorley]

Reporter

Comment 1

•

7 years ago

We no longer pull JS from third party domains, so the CSP in bug 1270157 will make this unnecessary.

Status: NEW → RESOLVED

Closed: 7 years ago

Resolution: --- → WONTFIX

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Implement Subresource Integrity (SRI) on treeherder.mozilla.org

Categories

(Tree Management :: Treeherder, defect, P3)

Tracking

(Not tracked)

People

(Reporter: emorley, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Comment 1