Closed Bug 1070732 Opened 11 years ago Closed 11 years ago

CSP: log warning if csp-report is not sent using http or https

Categories

(Core :: DOM: Security, defect)

defect
Not set
normal

Tracking

RESOLVED FIXED
mozilla35

People

(Reporter: ckerschb, Assigned: ckerschb)

Attachments

(1 file)

The JS implementation of CSP used to log a warning to the console if a report scheme was not http or https: http://mxr.mozilla.org/mozilla-central/source/dom/locales/en-US/chrome/security/csp.properties#35 We should incorporate that change in the new CSP implementation.
Blocks: 1000945
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Comment on attachment 8492768 [details] [diff] [review] bug_1070732_log_warning_if_report_not_http.patch Review of attachment 8492768 [details] [diff] [review]: ----------------------------------------------------------------- r=me with one minor change. ::: content/base/src/nsCSPContext.cpp @@ +700,5 @@ > + // log a warning to console if scheme is not http or https > + nsAutoCString reportScheme; > + rv = reportURI->GetScheme(reportScheme); > + NS_ENSURE_SUCCESS(rv, rv); > + if (!reportScheme.EqualsASCII("http") || !reportScheme.EqualsASCII("https")) { Please use nsIURI.SchemeIs() for the scheme checks (shortcut!) http://mxr.mozilla.org/mozilla-central/source/netwerk/base/public/nsIURI.idl#165
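Review bot: the condition in the added `if`, `!reportScheme.EqualsASCII("http") || !reportScheme.EqualsASCII("https")`, is true for every scheme, because no string equals both "http" and "https", so the warning would also be logged for valid http and https report URIs. Join the two negated checks with `&&` instead of `||`; the same operator fix is needed once the checks are rewritten with nsIURI.SchemeIs() as requested in the review.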
Attachment #8492768 - Flags: review?(sstamm) → review+
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED