Closed
Bug 1053028
Opened 10 years ago
Closed 10 years ago
Remove remaining relicts of deprecated X-CSP header
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla34
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
Attachments
(1 file, 1 obsolete file)
9.02 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
When browsing through the code I found that we are still referencing 'x-csp-headers': http://mxr.mozilla.org/mozilla-central/search?string=x-content-security All of them should be gone by now!
Assignee | ||
Comment 1•10 years ago
|
||
Fixed it right away! Sid, any objections?
Attachment #8472081 -
Flags: review?(sstamm)
Comment 2•10 years ago
|
||
Comment on attachment 8472081 [details] [diff] [review] bug_1053028_xcsp_artifacts.patch Review of attachment 8472081 [details] [diff] [review]: ----------------------------------------------------------------- r=me with a few things. ::: browser/extensions/pdfjs/content/PdfStreamConverter.jsm @@ +906,5 @@ > aRequest.setResponseHeader('Content-Security-Policy', '', false); > aRequest.setResponseHeader('Content-Security-Policy-Report-Only', '', > false); > + aRequest.setResponseHeader('Content-Security-Policy', '', false); > + aRequest.setResponseHeader('Content-Security-Policy-Report-Only', '', Just delete these lines. They're duplicates of the two immediately above. ::: dom/locales/en-US/chrome/security/security.properties @@ -8,5 @@ > -# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only", "Content-Security-Policy" or "Content-Security-Policy-Report-Only" > -OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead. > -# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only" > -BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored. > - Don't change the strings here; lets do them all in bug 1000945.
Attachment #8472081 -
Flags: review?(sstamm) → review+
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Assignee | ||
Comment 3•10 years ago
|
||
(In reply to Sid Stamm [:geekboy or :sstamm] from comment #2) > ::: dom/locales/en-US/chrome/security/security.properties > @@ -8,5 @@ > > -# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy", "X-Content-Security-Policy-Report-Only", "Content-Security-Policy" or "Content-Security-Policy-Report-Only" > > -OldCSPHeaderDeprecated=The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead. > > -# LOCALIZATION NOTE: Do not translate "X-Content-Security-Policy/Report-Only" or "Content-Security-Policy/Report-Only" > > -BothCSPHeadersPresent=This site specified both an X-Content-Security-Policy/Report-Only header and a Content-Security-Policy/Report-Only header. The X-Content-Security-Policy/Report-Only header(s) will be ignored. > > - > > Don't change the strings here; lets do them all in bug 1000945. Are you sure? The name of the file is security.properties, not csp.properties. I would rather delete those lines with the patch for this bug.
Comment 4•10 years ago
|
||
Ok, sure, why not. Then we have less to do in 1000945.
Assignee | ||
Comment 5•10 years ago
|
||
(In reply to Sid Stamm [:geekboy or :sstamm] from comment #2) false); > > + aRequest.setResponseHeader('Content-Security-Policy', '', false); > > + aRequest.setResponseHeader('Content-Security-Policy-Report-Only', '', > > Just delete these lines. They're duplicates of the two immediately above. Obviously :-) Deleted those two lines.
Attachment #8472081 -
Attachment is obsolete: true
Attachment #8476458 -
Flags: review+
Assignee | ||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/e0bd2eb2c3d7
Target Milestone: --- → mozilla34
https://hg.mozilla.org/mozilla-central/rev/e0bd2eb2c3d7
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Flags: qe-verify-
You need to log in
before you can comment on or make changes to this bug.
Description
•