Open
Bug 763930
Opened 12 years ago
Updated 10 years ago
SecReview: Expose TCP Socket - Investigate restriction options - maybe via CSP. (nsiContentPolicy check)
Categories
(mozilla.org :: Security Assurance, task)
mozilla.org
Security Assurance
Tracking
(Not tracked)
NEW
People
(Reporter: curtisk, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [action item])
SecReview Action Item bug
Investigate restriction options - maybe via CSP. (nsiContentPolicy check)
Comment 1•12 years ago
|
||
I am not sure what we want to do here. This definitely isn't base camp blocking, but it seems like for consistency, eventually we would want navigator.mozTCPSocket to respect the connect-src directive.
Comment 2•11 years ago
|
||
(In reply to Paul Theriault [:pauljt] from comment #1)
> we would want navigator.mozTCPSocket to respect the connect-src
> directive.
+1
Also, mixed content blocker should block non-SSL TCP sockets in SSL contexts.
Blocks: csp-w3c-1.0, MixedContentBlocker
Comment 3•11 years ago
|
||
Taking me off this since I am not working on this atm (it would be great it someone was...)
Assignee: ptheriault → nobody
Reporter | ||
Updated•11 years ago
|
Assignee: nobody → dveditz
Comment 5•10 years ago
|
||
Dunno, better question for bsmith. Given the summary I can see the desire to show some sort of tie to CSP, but it's clearly not part of the work required to implement the CSP 1.0 standard.
You need to log in
before you can comment on or make changes to this bug.
Description
•