Closed Bug 1402332 Opened 7 years ago Closed 7 years ago

CSP: Enforce script-src for workers in the absence of worker-src

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1302667

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

(Whiteboard: [domsecurity-active])

Christoph Kerschbaumer [:ckerschb]

Assignee

Description

•

7 years ago

Our implementation of script-src should govern workers in case worker-src is not explicitly defined within a CSP.

Christoph Kerschbaumer [:ckerschb]

Assignee

Updated

•

7 years ago

Depends on: 1302667

Christoph Kerschbaumer [:ckerschb]

Assignee

Updated

•

7 years ago

Assignee: nobody → ckerschb

Status: NEW → ASSIGNED

No longer depends on: 1302667

Priority: -- → P1

Whiteboard: [domsecurity-active]

Christoph Kerschbaumer [:ckerschb]

Assignee

Updated

•

7 years ago

Depends on: 1302667

Christoph Kerschbaumer [:ckerschb]

Assignee

Comment 1

•

7 years ago

In fact we are going to handle that within Bug 1302667 itself now, which makes this a duplicate of Bug 1302667.

Status: ASSIGNED → RESOLVED

Closed: 7 years ago

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

CSP: Enforce script-src for workers in the absence of worker-src

Categories

(Core :: DOM: Security, enhancement, P1)

Tracking

()

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

(Whiteboard: [domsecurity-active])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Comment 1