Open
Bug 1449501
Opened 7 years ago
Updated 2 years ago
Making it easier to view CSP policy for a site
Categories
(DevTools :: Netmonitor, enhancement, P3)
DevTools
Netmonitor
Tracking
(Not tracked)
NEW
People
(Reporter: Honza, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-needed)
Attachments
(1 file)
(deleted),
image/png
|
Details |
Developer Toolbar (aka GCLI) is going to be removed from Firefox (Bug 1429421) and we should make sure to preserve related CSP functionality in DevTools Toolbox.
GCLI supports a command that allows to view the CSP policy of a site:
`security csp`
(see the attached screenshot)
This information could be exposed through DevTools Toolbox in the Network panel UI.
The Network panel Side bar looks like the right place, but it's not clear what side panel should be used.
Some options:
1) Extend the existing Security panel (and make it available even for non https protocol). There could be two collapsible sections, one about the certificate, and one about CSP.
2) Since SCP is closely related to HTTP headers we might improve the Headers side panel, so it's easier to inspect HTTP CSP headers. This might also complement #1, Bug 1447267 is already going in the right direction.
3) We could also introduce entire new CSP panel.
Honza
---
See also this thread:
Making it easier to view CSP policy for a site
https://mail.mozilla.org/pipermail/firefox-dev/2018-March/006296.html
See also this thread:
Intent to unship Developer Toolbar (aka GCLI)
https://mail.mozilla.org/pipermail/firefox-dev/2018-March/006262.html
Reporter | ||
Updated•7 years ago
|
Priority: -- → P3
Updated•7 years ago
|
Keywords: dev-doc-needed
Updated•6 years ago
|
Product: Firefox → DevTools
Updated•6 years ago
|
Updated•6 years ago
|
Blocks: gcli-removal-follow-ups
Comment 1•6 years ago
|
||
I don't see a version for this. Is the feature ready to be documented? I don't see anything in Nightly.
Flags: needinfo?(odvarko)
Reporter | ||
Comment 2•6 years ago
|
||
(In reply to Irene Smith from comment #1)
> I don't see a version for this. Is the feature ready to be documented? I
> don't see anything in Nightly.
Not ready yet
But it's ok to use the dev-doc-needed keyword even if the bug report is not yet resolved and closed, correct?
Honza
Flags: needinfo?(odvarko) → needinfo?(ismith)
Comment 3•6 years ago
|
||
(In reply to Jan Honza Odvarko [:Honza] (need-info? me) from comment #2)
> (In reply to Irene Smith from comment #1)
> > I don't see a version for this. Is the feature ready to be documented? I
> > don't see anything in Nightly.
> Not ready yet
>
> But it's ok to use the dev-doc-needed keyword even if the bug report is not
> yet resolved and closed, correct?
>
> Honza
Sorry, I wasn't ignoring your question. I did not work Friday. I suppose it is, as long as you don't mind silly questions. :)
Flags: needinfo?(ismith)
Comment 4•6 years ago
|
||
Can I assume that this is not going to happen for 64? I need to know so I can either postpone it or try to get it done.
Flags: needinfo?(odvarko)
Updated•6 years ago
|
Flags: needinfo?(odvarko)
Comment 6•6 years ago
|
||
I still don't see anything in the 65 UI about CSP. Am I missing something?
Flags: needinfo?(odvarko)
Reporter | ||
Comment 7•6 years ago
|
||
(In reply to Irene Smith from comment #6)
I still don't see anything in the 65 UI about CSP.
Correct, this feature is not implemented yet.
(not even in 66)
Honza
Flags: needinfo?(odvarko)
Comment 8•5 years ago
|
||
I was going through old but unfinished issues and I saw this one: MDN/Sprints #859 which asks me to document this change. Can I get an update?
Flags: needinfo?(odvarko)
Reporter | ||
Comment 9•5 years ago
|
||
This feature is still not implemented yet.
Honza
Flags: needinfo?(odvarko)
Comment 10•5 years ago
|
||
(In reply to Jan Honza Odvarko [:Honza] (always need-info? me) from comment #9)
This feature is still not implemented yet.
Honza
Thanks for the update!
Blocks: devtools-csp
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•