Closed
Bug 1070732
Opened 10 years ago
Closed 10 years ago
CSP: log warning if csp-report is not sent using http or https
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla35
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
Attachments
(1 file)
|
1.83 KB,
patch
|
geekboy
:
review+
|
Details | Diff | Splinter Review |
The JS implementation of CSP used to log a warning to the console if a report scheme was not http, or https: http://mxr.mozilla.org/mozilla-central/source/dom/locales/en-US/chrome/security/csp.properties#35 We should incorporate that change in the new CSP implementation.
|
Assignee | |
Comment 1•10 years ago
|
||
Attachment #8492768 -
Flags: review?(sstamm)
|
|
Assignee | |
Updated•10 years ago
|
Assignee: nobody → mozilla
|
|
Assignee | |
Updated•10 years ago
|
Status: NEW → ASSIGNED
|
||
Comment 2•10 years ago
|
||
Comment on attachment 8492768 [details] [diff] [review] bug_1070732_log_warning_if_report_not_http.patch Review of attachment 8492768 [details] [diff] [review]: ----------------------------------------------------------------- r=me with one minor change. ::: content/base/src/nsCSPContext.cpp @@ +700,5 @@ > + // log a warning to console if scheme is not http or https > + nsAutoCString reportScheme; > + rv = reportURI->GetScheme(reportScheme); > + NS_ENSURE_SUCCESS(rv, rv); > + if (!reportScheme.EqualsASCII("http") || !reportScheme.EqualsASCII("https")) { Please use nsIURI.SchemeIs() for the scheme checks (shortcut!) http://mxr.mozilla.org/mozilla-central/source/netwerk/base/public/nsIURI.idl#165
Attachment #8492768 -
Flags: review?(sstamm) → review+
|
|
Assignee | |
Comment 3•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/c14d1ef31a7f
Target Milestone: --- → mozilla35
https://hg.mozilla.org/mozilla-central/rev/c14d1ef31a7f
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•