Closed Bug 1045899 Opened 8 years ago Closed 2 years ago
Implement CSP 1
.1 plugin-types directive
Implement plugin-types directive for CSP that restricts what types of plugins can load on a page. From the draft spec: "The plugin-types directive restricts the set of plugins that can be invoked by the protected resource by limiting the types of resources that can be embedded. ". See the URL for details.
Whiteboard: [CSP 1.1] → [CSP 1.1], [domsecurity-backlog]
Note: since we're removing support for all plugins except Flash in FF52, and the current sandboxing status-quo is to not allow plugins at all, I'm not sure this is worthwhile. Should we consider WONTFIXing this or even removing this from CSP 1.1?
Whiteboard: [CSP 1.1], [domsecurity-backlog] → [CSP 1.1], [domsecurity-backlog3]
Web developers putting this out will get console messages on every page currently. If you're not going to support that's okay, but can we at least suppress that?
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.