Closed
Bug 1583489
Opened 5 years ago
Closed 5 years ago
TIghten CSP assertion for about: pages
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla71
Tracking | Status | |
---|---|---|
firefox71 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
(deleted),
text/x-phabricator-request
|
Details |
Now that we are getting close that all about: pages ship with a CSP we should tighten the CSP. E.g. Bug 1499354 will add object-src 'none' so we should also include that in the assertion that all about: pages have object-src 'none'. Further we can assert that no policy should include 'unsafe-inline'.
Assignee | ||
Comment 1•5 years ago
|
||
Assignee | ||
Updated•5 years ago
|
Keywords: checkin-needed
Pushed by btara@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/ff8a499e1ea4
TIghten CSP assertion for about: pages. r=jkt
Keywords: checkin-needed
Comment 3•5 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox71:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla71
You need to log in
before you can comment on or make changes to this bug.
Description
•