Closed Bug 778088 Opened 12 years ago Closed 12 years ago

Add a C++ helper to answer "can this process access URI X"

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Project Flags:
blocking-basecamp -

People

(Reporter: cjones, Unassigned)

References

Details

Maybe similar to bug 776174?  I don't fully understand that one.

Basically we want to do two things
 - be able to apply CSPs / same-origin checks at process boundaries.  For example, the dialer app should be blocked from loading resources from evil.com
 - be able to filter file-system access

Maybe these are different enough use cases for their own bugs, but I'll file them together here.

All the networking stuff goes through necko/IPDL/C++ so that part will be easy.  I'm not sure yet if we need to build something analogous for JS IPC code.
Chris, should this block?
blocking-basecamp: --- → ?
Filtering file-access and some network requests made by app processes blocks.

This is a suggested implementation approach.  Jonas/Jason/Ben own the implementation at this point so it's best for them to decide which way they want to go.  If they go this way, this bug blocks.  So I would say the decision is up to those three.
This is WONTFIX. The CSP policy doesn't restrict at all which URIs that an app can use. You can still point images and <iframe>s at arbitrary URIs.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
blocking-basecamp: ? → -
You need to log in before you can comment on or make changes to this bug.