Closed Bug 1472661 Opened 6 years ago Closed 6 years ago

Enable and ship CSP Policy violation events

Categories

(Core :: DOM: Security, enhancement, P3)

Tracking

RESOLVED FIXED
mozilla63
Tracking Status
relnote-firefox --- -
firefox63 --- fixed

People

(Reporter: ckerschb, Assigned: baku)

References

(Blocks 3 open bugs)

Details

(Keywords: dev-doc-complete, Whiteboard: [domsecurity-backlog1] [domsecurity-active] )

Within Bug 1037335 we implemented most of CSP policy violation events but there are a few dependencies that need to clear before we can ship violation events by default. In particular:
* Bug 1418236
* Bug 1418241
* Bug 1418246
* (maybe even others)
Currently CSP policy violation events are enabled in Nightly builds (security.csp.enable_violation_events) but obviously it would be great if we can clear those dependencies and ship violation events by default!
Depends on: 1037335
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
No longer depends on: 1037335
Depends on: 1473218
Depends on: 1472927
Depends on: 1473587
Assignee: nobody → amarchesini
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/020317ed6cb8 Enable and ship CSP Policy violation events, r=ckerschb
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog1] → [domsecurity-backlog1] [domsecurity-active]
Would be nice to have this in the release-note. Let's mark this bug as relnote-firefox
relnote-firefox: --- → ?
Whiteboard: [domsecurity-backlog1] [domsecurity-active] → [domsecurity-backlog1] [domsecurity-active]
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
(In reply to Andrea Marchesini [:baku] from comment #3)
> Would be nice to have this in the release-note. Let's mark this bug as
> relnote-firefox

Andrea, could you provide the release note text and answer the release notes questions to help us understand what this means to the end-user? Thanks

Release Note Request (optional, but appreciated)
[Why is this notable]:
[Affects Firefox for Android]:
[Suggested wording]:
[Links (documentation, blog post, etc)]:
Flags: needinfo?(amarchesini)
[Why is this notable]: From the spec: "When one or more of a policy’s directives is violated, a violation report may be generated and sent out to a reporting endpoint associated with the policy." This is an important feature for developers. Plus, introducing this feature, Firefox is more compliant with CSP3 spec.
[Affects Firefox for Android]: supported
[Links (documentation, blog post, etc)]: https://www.w3.org/TR/CSP3/#securitypolicyviolationevent
Flags: needinfo?(amarchesini)
(In reply to Andrea Marchesini [:baku] from comment #6)
> [Why is this notable]: From the spec: "When one or more of a policy’s
> directives is violated, a violation report may be generated and sent out to
> a reporting endpoint associated with the policy." This is an important feature
> for developers. Plus, introducing this feature, Firefox is more compliant
> with CSP3 spec.
> [Affects Firefox for Android]: supported
> [Links (documentation, blog post, etc)]:
> https://www.w3.org/TR/CSP3/#securitypolicyviolationevent

Same question as in https://bugzilla.mozilla.org/show_bug.cgi?id=1470111#c6 :) Thanks!
Flags: needinfo?(amarchesini)
> Same question as in https://bugzilla.mozilla.org/show_bug.cgi?id=1470111#c6

I guess, same answer :) But this is an API! We can add this in the 'new APIs' section.
Flags: needinfo?(amarchesini)
Removing the relnote request as this will go on the MDN release page.
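
Added example, not part of this bug or of Firefox's code: a page-side collector for the `securitypolicyviolation` events that this bug enables by default. The event attribute names come from the CSP3 SecurityPolicyViolationEvent interface linked above; `redactUri`, `createViolationCollector` and the sample events are hypothetical and constructed for illustration.

```javascript
// Added example (not Firefox code): de-duplicate CSP violation events.
// redactUri, createViolationCollector and sampleEvents are hypothetical names.
// Drop query string and fragment so URL-borne tokens stay out of logs.
function redactUri(uri) {
  if (!uri || !uri.includes('://')) return uri || ''; // "inline", "eval", "data"
  try {
    const u = new URL(uri);
    return u.origin === 'null' ? u.protocol : u.origin + u.pathname;
  } catch (e) {
    return ''; // unparseable: keep the raw value out of the report
  }
}

function createViolationCollector() {
  const seen = new Map(); // de-duplication key -> { report, count }
  return {
    record(e) { // returns true only the first time a violation is seen
      const report = {
        directive: e.effectiveDirective || e.violatedDirective,
        blocked: redactUri(e.blockedURI),
        source: redactUri(e.sourceFile),
        line: e.lineNumber || 0,
        disposition: e.disposition, // "enforce" or "report"
      };
      const key = JSON.stringify(report);
      const entry = seen.get(key) || { report, count: 0 };
      entry.count += 1;
      seen.set(key, entry);
      return entry.count === 1;
    },
    summary() {
      return [...seen.values()].map(({ report, count }) => ({ ...report, count }));
    },
  };
}

// In a browser the event reaches the document; under Node this is skipped.
if (typeof document !== 'undefined') {
  const live = createViolationCollector();
  document.addEventListener('securitypolicyviolation', (e) => live.record(e));
}

// Constructed sample events: plain objects standing in for real events.
const base = { sourceFile: 'https://app.example/index.html', lineNumber: 12, disposition: 'enforce' };
const sampleEvents = [
  { ...base, effectiveDirective: 'script-src', blockedURI: 'https://cdn.example/x.js?token=abc' },
  { ...base, effectiveDirective: 'script-src', blockedURI: 'https://cdn.example/x.js?token=xyz' },
  { ...base, violatedDirective: 'script-src', blockedURI: 'inline', disposition: 'report' },
];
```

Redacting `blockedURI` and `sourceFile` before counting means the first two sample events collapse into one entry, which keeps a noisy violation from flooding whatever log the summary is sent to.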