Implement CSP 1.1 plugin-types directive

NEW
Unassigned

Status

()

P3
enhancement
5 years ago
5 months ago

People

(Reporter: geekboy, Unassigned)

Tracking

(Blocks: 1 bug, {dev-doc-needed})

Trunk
All
Linux
dev-doc-needed
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [CSP 1.1], [domsecurity-backlog3], URL)

(Reporter)

Description

5 years ago
Implement plugin-types directive for CSP that restricts what types of plugins can load on a page.

From the draft spec: "The plugin-types directive restricts the set of plugins that can be invoked by the protected resource by limiting the types of resources that can be embedded. ".  See the URL for details.
(Reporter)

Updated

4 years ago
Priority: -- → P3
Keywords: dev-doc-needed
(Reporter)

Updated

4 years ago
Assignee: sstamm → nobody
Whiteboard: [CSP 1.1] → [CSP 1.1], [domsecurity-backlog]

Comment 1

3 years ago
Note: since we're removing support for all plugins except Flash in FF52, and the current sandboxing status-quo is to not allow plugins at all, I'm not sure this is worthwhile. Should we consider WONTFIXing this or even removing this from CSP 1.1?
Whiteboard: [CSP 1.1], [domsecurity-backlog] → [CSP 1.1], [domsecurity-backlog3]

Comment 2

a year ago
Web developers putting this out will get console messages on every page currently.

If you're not going to support that's okay, but can we at least suppress that?
You need to log in before you can comment on or make changes to this bug.