Closed
Bug 1268327
Opened 8 years ago
Closed 8 years ago
ReferrerPolicy should not be delivered through CSPRO
Categories
(Core :: DOM: Security, defect, P1)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla50
| Tracking | Status | |
|---|---|---|
| firefox50 | --- | fixed |
People
(Reporter: tnguyen, Assigned: ckerschb)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file, 1 obsolete file)
|
5.54 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
In [1], should check report-only before adding referrerPolicy (only add in case non-report-only policy) [1] https://dxr.mozilla.org/mozilla-central/source/dom/security/nsCSPContext.cpp#335
|
Assignee | |
Comment 1•8 years ago
|
||
Thanks Thomas - please also add a test to make sure we never regress that.
Whiteboard: [domsecurity-active]
|
|
Assignee | |
Updated•8 years ago
|
Whiteboard: [domsecurity-active] → [domsecurity-backlog]
|
|
Assignee | |
Updated•8 years ago
|
Priority: -- → P1
|
|
Assignee | |
Updated•8 years ago
|
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog] → [domsecurity-active]
|
|
Assignee | |
Comment 2•8 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=5caf96a61a42
Attachment #8764185 -
Flags: review?(tnguyen)
|
Reporter | |
Comment 3•8 years ago
|
||
Comment on attachment 8764185 [details] [diff] [review] bug_1268327_referrer_policy_ro.patch Review of attachment 8764185 [details] [diff] [review]: ----------------------------------------------------------------- Lgtm. Could we add a case that both a Content-Security-Policy-Report-Only header and a Content-Security-Policy header are present?
Attachment #8764185 -
Flags: review?(tnguyen) → review+
|
|
Assignee | |
Comment 4•8 years ago
|
||
(In reply to Thomas Nguyen[:tnguyen] from comment #3) > Could we add a case that both a Content-Security-Policy-Report-Only header > and a Content-Security-Policy header are present? Sure can, added another test that delivers a CSP and a CSPRO. Carrying over r+! TRY looks good, this is ready to land!
Attachment #8764185 -
Attachment is obsolete: true
Attachment #8764217 -
Flags: review+
|
|
Assignee | |
Updated•8 years ago
|
Keywords: checkin-needed
|
||
Comment 5•8 years ago
|
||
| bugherder landing | ||
https://hg.mozilla.org/integration/mozilla-inbound/rev/0bed705c1430
Keywords: checkin-needed
|
||
Comment 6•8 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/0bed705c1430
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-firefox50:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
You need to log in
before you can comment on or make changes to this bug.
Description
•