Open Bug 1122735 Opened 9 years ago Updated 7 years ago
Warn about changes to security headers
There are a number of add-ons which have been attempting to change HTTP security headers in unsafe ways. We should warn whenever an add-on attempts to set the values of any of the following response headers: Access-Control-Allow-Credentials Access-Control-Allow-Headers Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Expose-Headers Access-Control-Max-Age (Possibly just Access-Control-*) Content-Security-Policy Content-Security-Policy-Report-Only Strict-Transport-Security X-Content-Security-Policy X-Frame-Options And probably the following request headers as well: Access-Control-Request-Headers Access-Control-Request-Method Origin Referer
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.