Closed
Bug 837682
Opened 12 years ago
Closed 9 years ago
Update our CSP documentation to match 1.0 and our latest implemenation
Categories
(Developer Documentation Graveyard :: Protocols, defect, P1)
Developer Documentation Graveyard
Protocols
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: teoli, Assigned: sheppy)
References
(Blocks 2 open bugs, )
Details
(Whiteboard: u=webdev p=2 c=Security)
:: Developer Documentation Request
Request Type: Correction
Gecko Version: Trunk
Technical Contact:
:: Details
CSP evolved since our initial implementation. It is now a CR at the W3C.
We are in the progress to update our implementation, we need to update our documentation too.
Our fixes spans several Fx versions.
Comment 1•12 years ago
|
||
I've been planning on updating MDN's CSP page at least when the CSP 1.0 implementation work is finished
Updated•12 years ago
|
Blocks: csp-w3c-1.0
Comment 2•12 years ago
|
||
(In reply to Ian Melven :imelven from comment #1)
> I've been planning on updating MDN's CSP page at least when the CSP 1.0
> implementation work is finished
I'll be very happy to help in any way I can (review, style issues, etc.)
Comment 3•12 years ago
|
||
(In reply to David Bruant from comment #2)
> (In reply to Ian Melven :imelven from comment #1)
> > I've been planning on updating MDN's CSP page at least when the CSP 1.0
> > implementation work is finished
> I'll be very happy to help in any way I can (review, style issues, etc.)
Thank you, David, that is awesome ! Bug 842657 is the one to watch for actually turning on the CSP 1.0 implementation - it's waiting on the inline styles stuff, which needs some spec discussion and a bit more work.
Comment 4•12 years ago
|
||
(In reply to Ian Melven :imelven from comment #3)
> (In reply to David Bruant from comment #2)
> > (In reply to Ian Melven :imelven from comment #1)
> > > I've been planning on updating MDN's CSP page at least when the CSP 1.0
> > > implementation work is finished
> > I'll be very happy to help in any way I can (review, style issues, etc.)
>
> Thank you, David, that is awesome ! Bug 842657 is the one to watch for
> actually turning on the CSP 1.0 implementation
I was talking about help in updating the documentation ;-) (yes, sorry, when saying "any way I can", I meant "... in the realm of documentation")
As a web developer, I'm pretty excited about CSP, so any way I can help to share about CSP to other developers, I'll be happy to do.
Comment 5•12 years ago
|
||
(In reply to David Bruant from comment #4)
>
> I was talking about help in updating the documentation ;-) (yes, sorry, when
> saying "any way I can", I meant "... in the realm of documentation")
oh yeah, that's how I understood it - sorry, I meant: once that bug lands and CSP 1.0 is turned, I will start on the documentation stuff and take you up on your offer of help :)
> As a web developer, I'm pretty excited about CSP, so any way I can help to
> share about CSP to other developers, I'll be happy to do.
That is great to hear as well :D
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → eshepherd
Component: DOM → Protocols
OS: Other → All
Whiteboard: u=webdev p=0
Assignee | ||
Updated•12 years ago
|
Priority: P2 → P1
Whiteboard: u=webdev p=0 → u=webdev p=2 c=Security
Assignee | ||
Comment 6•11 years ago
|
||
Comment 7•11 years ago
|
||
I made a pass through
https://developer.mozilla.org/en-US/docs/Security/CSP
https://developer.mozilla.org/en-US/docs/Security/CSP/CSP_policy_directives
https://developer.mozilla.org/en-US/docs/Security/CSP/Using_Content_Security_Policy
https://developer.mozilla.org/en-US/docs/Security/CSP/Using_CSP_violation_reports
and did some updates. I switched everything to using the Content-Security-Policy header (although note this isn't supported until Fx23, which just went to beta) and added notes saying that prior to Fx23, the X-Content-Security-Policy header is used. In some places, I clarified it's fine to send both and the Content-Security-Policy header will be used.
If folks could review and maybe make my updates more 'MDN-ish' that would be greatly appreciated. In particular, we likely want to highlight loudly that people should switch to using the Content-Security-Policy header and X-Content-Security-Policy should not be used.
Comment 8•11 years ago
|
||
If anything I updated needs any clarifications or folks have any questions, I'm happy to help with that as well !
Comment 9•10 years ago
|
||
We should update our documentation to follow CSP 2.0 by now:
http://www.w3.org/TR/CSP11/
Comment 10•9 years ago
|
||
Hey Sheppy, we are triaging at the moment[1]. The docs look good to us - do you feel confident to close this bug?
[1] https://developer.mozilla.org/en-US/docs/Web/Security/CSP
Flags: needinfo?(eshepherd)
Reporter | ||
Comment 11•9 years ago
|
||
We can close it. The documentation has been updated month ago and I'm adding CSP 1.1 info as it is implemented (if the bugs has dev-doc-needed to notify us)
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(eshepherd)
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•