Closed Bug 1059223 Opened 11 years ago Closed 10 years ago

Restrict CSP to trusted domains for Trusted Hosted Apps

Categories

(Core Graveyard :: DOM: Apps, defect)

Product:
Core Graveyard
Component:
DOM: Apps
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID
Milestone:
2.1 S4 (12sep)

People

(Reporter: mattias.ostergren, Unassigned)

References

Details

Implement and enable verification of CSP policies source list in the manifest. CSP element MUST contain 'script-src' and 'style-src' directives restricted to 'self' and a list of trusted domains. These domains MUST have verified https certificates.
Blocks: 1016421
Whiteboard: [2.1-feature-qa+]
Target Milestone: --- → 2.1 S4 (12sep)
Whiteboard: [2.1-feature-qa+]
Current understanding is that this bug is redundant. See bug 1059221
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
See Also: → 1059221
See Also: 1059221
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.