Allow user to override CSP by supplying a list of always-allow domains.

NEW
Unassigned

Status

()

enhancement
P3
normal
5 years ago
6 months ago

People

(Reporter: freddyb, Unassigned)

Tracking

(Blocks 2 bugs)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [domsecurity-backlog2])

Reporter

Description

5 years ago
As suggested by Ricky in bug 866522 comment 28, it would be nice if there was a switch to provide scripts the user trusts and wants to be allowed even if a website's CSP disallows this.

This could help restore the bookmarklet and pagemod use cases.

Comment 1

5 years ago
Probably worth mentioning Jesse Ruderman said:
> I like the idea of settings to force-allow scripts from certain domains.
in bug 866522 comment 31, and suggested creating this new bug.
Severity: normal → enhancement
Priority: -- → P4
Blocks: 615708, 866522
Priority: P4 → P3

Comment 2

4 years ago
But that is ONLY HALF of the "solution". (or thereabouts -- or a **** solution to the whole issue)
Priority: P3 → P2
Whiteboard: [domsecurity-backlog]
Priority: P2 → P3
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog2]
You need to log in before you can comment on or make changes to this bug.