As :gijs noted in https://phabricator.services.mozilla.com/D250286#inline-1400220 > Not a new thing, but I don't really understand why this would be the correct CSP/policy to apply to the load. If this has come from the commandline, there is no reason that the currently-selected-page's policy/CSP should apply to it. > > This param is ancient, cf. https://searchfox.org/mozilla-central/rev/ec8a326713f60dec138a3e3383b03ac739870fc7/browser/components/BrowserContentHandler.sys.mjs#602-606 having blame from bug 341405 (2006, when we were using CVS for version control...) but let's file a separate bug for this as it would appear based on https://bugzilla.mozilla.org/show_bug.cgi?id=1667577 that e.g. MS powertoys might be using it to call us. > > (I noticed because https://searchfox.org/mozilla-central/rev/ec8a326713f60dec138a3e3383b03ac739870fc7/browser/components/search/test/browser/browser_contextSearchTabPosition.js#40,48 is even more bogus, and then I tried to work out what the callers of `SearchUIUtils` even were.) We for some reason pass the current page's CSP into [loadSearchFromCommandLine here](https://searchfox.org/mozilla-central/rev/c25dbe453ff9ca10f2c6bdfb873893c515a29826/browser/components/BrowserContentHandler.sys.mjs#388)
Bug 1974067 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
As :gijs noted in https://phabricator.services.mozilla.com/D250286#inline-1400220 > Not a new thing, but I don't really understand why this would be the correct CSP/policy to apply to the load. If this has come from the commandline, there is no reason that the currently-selected-page's policy/CSP should apply to it. > > This param is ancient, cf. https://searchfox.org/mozilla-central/rev/ec8a326713f60dec138a3e3383b03ac739870fc7/browser/components/BrowserContentHandler.sys.mjs#602-606 having blame from bug 341405 (2006, when we were using CVS for version control...) but let's file a separate bug for this as it would appear based on https://bugzilla.mozilla.org/show_bug.cgi?id=1667577 that e.g. MS powertoys might be using it to call us. > > (I noticed because https://searchfox.org/mozilla-central/rev/ec8a326713f60dec138a3e3383b03ac739870fc7/browser/components/search/test/browser/browser_contextSearchTabPosition.js#40,48 is even more bogus, and then I tried to work out what the callers of `SearchUIUtils` even were.) We for some reason pass the current page's CSP into [loadSearchFromCommandLine here](https://searchfox.org/mozilla-central/rev/c25dbe453ff9ca10f2c6bdfb873893c515a29826/browser/components/BrowserContentHandler.sys.mjs#388). It looks odd, we should investigate it.