Closed Bug 1053028 Opened 10 years ago Closed 10 years ago

Remove remaining relicts of deprecated X-CSP header

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla34

People

(Reporter: ckerschb, Assigned: ckerschb)

References

Details

Attachments

(1 file, 1 obsolete file)

bug_1053028_xcsp_artifacts_v2.patch
9.02 KB, patch
ckerschb
: review+
Details | Diff | Splinter Review 
When browsing through the code I found that we are still referencing 'x-csp-headers':
http://mxr.mozilla.org/mozilla-central/search?string=x-content-security

All of them should be gone by now!
Depends on: 994782
Attached patch bug_1053028_xcsp_artifacts.patch (obsolete) — Splinter Review 
Fixed it right away! Sid, any objections?
Attachment #8472081 - Flags: review?(sstamm)
Comment on attachment 8472081 [details] [diff] [review]
bug_1053028_xcsp_artifacts.patch

Review of attachment 8472081 [details] [diff] [review]:
-----------------------------------------------------------------

r=me with a few things.

::: browser/extensions/pdfjs/content/PdfStreamConverter.jsm
@@ +906,5 @@
>        aRequest.setResponseHeader('Content-Security-Policy', '', false);
>        aRequest.setResponseHeader('Content-Security-Policy-Report-Only', '',
>                                   false);
> +      aRequest.setResponseHeader('Content-Security-Policy', '', false);
> +      aRequest.setResponseHeader('Content-Security-Policy-Report-Only', '',

Just delete these lines.  They're duplicates of the two immediately above.

::: dom/locales/en-US/chrome/security/security.properties
@@ -8,5 @@
> -# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only",  "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
> -OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
> -# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
> -BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
> -

Don't change the strings here; lets do them all in bug 1000945.
Attachment #8472081 - Flags: review?(sstamm) → review+
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
(In reply to Sid Stamm [:geekboy or :sstamm] from comment #2)
> ::: dom/locales/en-US/chrome/security/security.properties
> @@ -8,5 @@
> > -# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only",  "Content-Security-Policy" or "Content-Security-Policy-Report-Only"
> > -OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
> > -# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only"
> > -BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored.
> > -
> 
> Don't change the strings here; lets do them all in bug 1000945.

Are you sure? The name of the file is security.properties, not csp.properties. I would rather delete those lines with the patch for this bug.
Ok, sure, why not.  Then we have less to do in 1000945.
(In reply to Sid Stamm [:geekboy or :sstamm] from comment #2)
                                  false);
> > +      aRequest.setResponseHeader('Content-Security-Policy', '', false);
> > +      aRequest.setResponseHeader('Content-Security-Policy-Report-Only', '',
> 
> Just delete these lines.  They're duplicates of the two immediately above.

Obviously :-) Deleted those two lines.
Attachment #8472081 - Attachment is obsolete: true
Attachment #8476458 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/e0bd2eb2c3d7
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Flags: qe-verify-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: