User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 Build ID: 20141021030208 Steps to reproduce: about:config Actual results: loop.CSP contains http://www.gravatar.com/ Expected results: Gravatar should be over HTTPS
Component: Untriaged → Client
Product: Firefox → Loop
QA Contact: anthony.s.hughes
Version: 36 Branch → unspecified
Current target for gravatar support is Fx36 (we need to add UX to ask permission of the user to use gravatars).
backlog: Fx34? → Fx36?
Status: UNCONFIRMED → NEW
Ever confirmed: true
This isn't really an issue with the CSP per se; it's an issue with the Gravitar code, around which the CSP was crafted. At this point, changing the CSP would just break things. The underlying code needs to be updated to use https, and the CSP needs to be updated to match, in that same patch.
Summary: Use HTTPS instead of HTTP in CSP for Gravatar → Use HTTPS instead of HTTP for Gravatar in Loop/Hello
blocked waiting for UX for gravatar notifification
backlog: Fx36+ → Fx38?
backlog: Fx38? → backlog+
We addressed this in bug 1069962 when re-enabling Gravatar support for keeps.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1069962
You need to log in before you can comment on or make changes to this bug.