Ian Melven :imelven Assignee
	Description • 12 years ago

In bug 746978, I made apps always use the 1.0 spec compliant CSP parser to process their default or manifest specified.

After discussing with Paul Theriault, we think we want to choose which parser to use based on the same pref that opts in to using the new parser for an unprefixed CSP header. I'll write the patch to do that.

	Ian Melven :imelven Assignee
	Comment 2 • 12 years ago

I did a try push to check that the B2G mochitests pass with this patch and the other patches I would like to land to turn on CSP 1.0 for desktop Firefox. 

https://tbpl.mozilla.org/?tree=Try&rev=6cda7e50be0c&showall=1

There are existing mochitests that check that privileged/trusted apps have the correct default CSP applied to them and that apps that specify a CSP in their manifest work correctly. 

This patch makes sure the behavior of B2G doesn't change until it's explicitly decided to do so by landing bug 858787 and we're sure we've done the work to make it ok to do so wrt apps, mochitests, etc. by fixing that bug's blockers.

	Johnny Stenback (:jst)
	Comment 3 • 12 years ago

Comment on attachment 734866 [details] [diff] [review]
patch v1

Stealing review from Jonas here to offload him a bit. r=jst

	Ian Melven :imelven Assignee
	Comment 4 • 12 years ago

(In reply to Johnny Stenback (:jst, jst@mozilla.com) from comment #3)
> Comment on attachment 734866 [details] [diff] [review]
> patch v1
> 
> Stealing review from Jonas here to offload him a bit. r=jst

Thank you Johnny !

	Ian Melven :imelven Assignee
	Comment 5 • 12 years ago

https://hg.mozilla.org/integration/mozilla-inbound/rev/0dd127fed18a

	Ryan VanderMeulen [:RyanVM]
	Comment 6 • 12 years ago

https://hg.mozilla.org/mozilla-central/rev/0dd127fed18a