Open
Bug 1551253
Opened 5 years ago
Updated 2 years ago
CSP: Evaluate if we can rely on something else than URI_IS_LOCAL_RESOURCE within schemes subject to CSP
Categories
(Core :: DOM: Security, task, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: ckerschb, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog1])
As discussed within https://bugzilla.mozilla.org/show_bug.cgi?id=1548385#c3 local files are not subuject to CSP, but probably we should re-evaluate that decision. Probably we can simply rely on something else than URI_IS_LOCAL_RESOURCE within subjectToCSP(), see:
https://searchfox.org/mozilla-central/source/dom/security/nsCSPService.cpp#37
Updated•5 years ago
|
Type: defect → task
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•