Closed
Bug 1063021
Opened 10 years ago
Closed 8 years ago
CSP: Log parser errors when pref 'security.csp.debug' is on
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
People
(Reporter: ckerschb, Assigned: freddy)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
In the old CSP (JavaSciprt) implementation we used the the pref security.csp.debug to log warnings when parsing failed. We should re-introduce that pref in the new parser (nsCSPParser.cpp). Probably also in CSPUtils, CSPContext.
Updated•10 years ago
|
Severity: normal → enhancement
Priority: -- → P4
Updated•9 years ago
|
Assignee: nobody → francois
Reporter | ||
Comment 1•9 years ago
|
||
Francois, we are triaging at the moment, any progress on this one?
Flags: needinfo?(francois)
Priority: P4 → P3
Comment 2•9 years ago
|
||
No progress. I haven't looked at this yet, so I'll unassign myself in case someone else wants to take it on.
Assignee: francois → nobody
Flags: needinfo?(francois)
Reporter | ||
Comment 3•8 years ago
|
||
Not sure if we still want to bring that option back. Debugging CSP has worked fine without using that option. If we decide not to bring it back we should remove the flag here: http://mxr.mozilla.org/mozilla-central/source/modules/libpref/init/all.js#2015
Whiteboard: [domsecurity-backlog]
Assignee | ||
Comment 4•8 years ago
|
||
This seems simple enough for me to take, but needs advise: Implement logging (I assume CSP isn't becoming less complex) or remove the pref. I'd weakly suggest the former.
Reporter | ||
Comment 5•8 years ago
|
||
(In reply to Frederik Braun [:freddyb] from comment #4) > This seems simple enough for me to take, but needs advise: > Implement logging (I assume CSP isn't becoming less complex) or remove the > pref. > I'd weakly suggest the former. Yeah, would be nice to have some logging - go for it, thanks!
Assignee: nobody → fbraun
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog] → [domsecurity-active]
Assignee | ||
Comment 6•8 years ago
|
||
Looking at https://dxr.mozilla.org/mozilla-central/search?q=logWarningErrorToConsole&redirect=false&case=false we seem to have extensive logging for most error cases that developers might run into. We agreed out-of-band that removing is fine.
Assignee | ||
Comment 7•8 years ago
|
||
Review commit: https://reviewboard.mozilla.org/r/46097/diff/#index_header See other reviews: https://reviewboard.mozilla.org/r/46097/
Attachment #8740953 -
Flags: review?(ckerschb)
Reporter | ||
Updated•8 years ago
|
Attachment #8740953 -
Flags: review?(ckerschb) → review+
Reporter | ||
Comment 8•8 years ago
|
||
Comment on attachment 8740953 [details] MozReview Request: Bug 1063021 - Remove security.csp.debug pref r?ckerschb https://reviewboard.mozilla.org/r/46097/#review42587 r=me
Assignee | ||
Updated•8 years ago
|
Keywords: checkin-needed
Assignee | ||
Updated•8 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Comment 10•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/6ff8536a21bd
You need to log in
before you can comment on or make changes to this bug.
Description
•