Closed
Bug 778088
Opened 12 years ago
Closed 12 years ago
Add a C++ helper to answer "can this process access URI X"
Categories
(Core :: General, defect)
Core
General
Tracking
()
RESOLVED
WONTFIX
blocking-basecamp | - |
People
(Reporter: cjones, Unassigned)
References
Details
Maybe similar to bug 776174? I don't fully understand that one. Basically we want to do two things - be able to apply CSPs / same-origin checks at process boundaries. For example, the dialer app should be blocked from loading resources from evil.com - be able to filter file-system access Maybe these are different enough use cases for their own bugs, but I'll file them together here. All the networking stuff goes through necko/IPDL/C++ so that part will be easy. I'm not sure yet if we need to build something analogous for JS IPC code.
Reporter | ||
Comment 2•12 years ago
|
||
Filtering file-access and some network requests made by app processes blocks. This is a suggested implementation approach. Jonas/Jason/Ben own the implementation at this point so it's best for them to decide which way they want to go. If they go this way, this bug blocks. So I would say the decision is up to those three.
This is WONTFIX. The CSP policy doesn't restrict at all which URIs that an app can use. You can still point images and <iframe>s at arbitrary URIs.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Updated•12 years ago
|
blocking-basecamp: ? → -
You need to log in
before you can comment on or make changes to this bug.
Description
•