Open Bug 1551253 Opened 5 years ago Updated 2 years ago

CSP: Evaluate if we can rely on something else than URI_IS_LOCAL_RESOURCE within schemes subject to CSP

Categories

(Core :: DOM: Security, task, P3)

Product:

Component:

Type:

task

Priority:

P3

Severity:

S3

Tracking

()

Status:

NEW

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Christoph Kerschbaumer [:ckerschb]

Reporter

Description

•

5 years ago

As discussed within https://bugzilla.mozilla.org/show_bug.cgi?id=1548385#c3 local files are not subuject to CSP, but probably we should re-evaluate that decision. Probably we can simply rely on something else than URI_IS_LOCAL_RESOURCE within subjectToCSP(), see:
https://searchfox.org/mozilla-central/source/dom/security/nsCSPService.cpp#37

Daniel Veditz [:dveditz]

Updated

•

5 years ago

Type: defect → task

Priority: -- → P3

Whiteboard: [domsecurity-backlog1]

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.