Open
Bug 1014545
Opened 10 years ago
Updated 2 years ago
Allow user to override CSP by supplying a list of always-allow domains.
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
NEW
People
(Reporter: freddy, Unassigned)
References
(Blocks 2 open bugs)
Details
(Whiteboard: [domsecurity-backlog2])
As suggested by Ricky in bug 866522 comment 28, it would be nice if there was a switch to provide scripts the user trusts and wants to be allowed even if a website's CSP disallows this. This could help restore the bookmarklet and pagemod use cases.
|
||
Comment 1•10 years ago
|
||
Probably worth mentioning Jesse Ruderman said: > I like the idea of settings to force-allow scripts from certain domains. in bug 866522 comment 31, and suggested creating this new bug.
|
||
Updated•10 years ago
|
Severity: normal → enhancement
Priority: -- → P4
|
|
||
Updated•9 years ago
|
But that is ONLY HALF of the "solution". (or thereabouts -- or a **** solution to the whole issue)
|
|
||
Updated•9 years ago
|
Keywords: #relman/triage/defer-to-group
Priority: P3 → P2
|
||
Updated•8 years ago
|
Whiteboard: [domsecurity-backlog]
|
|
||
Updated•8 years ago
|
Priority: P2 → P3
Whiteboard: [domsecurity-backlog] → [domsecurity-backlog2]
|
||
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•