Open
Bug 1122735
Opened 9 years ago
Updated 7 years ago
Warn about changes to security headers
Categories
(addons.mozilla.org Graveyard :: Add-on Validation, defect)
addons.mozilla.org Graveyard
Add-on Validation
Tracking
(Not tracked)
NEW
2015-02
People
(Reporter: kmag, Unassigned)
Details
(Whiteboard: [ReviewTeam:P1])
There are a number of add-ons which have been attempting to change HTTP security headers in unsafe ways. We should warn whenever an add-on attempts to set the values of any of the following response headers: Access-Control-Allow-Credentials Access-Control-Allow-Headers Access-Control-Allow-Methods Access-Control-Allow-Origin Access-Control-Expose-Headers Access-Control-Max-Age (Possibly just Access-Control-*) Content-Security-Policy Content-Security-Policy-Report-Only Strict-Transport-Security X-Content-Security-Policy X-Frame-Options And probably the following request headers as well: Access-Control-Request-Headers Access-Control-Request-Method Origin Referer
|
Reporter | |
Updated•9 years ago
|
Whiteboard: [ReviewTeam] → [ReviewTeam:P1]
|
|
Reporter | |
Updated•9 years ago
|
Target Milestone: --- → 2015-02
|
||
Updated•8 years ago
|
Assignee: nobody → mstriemer
|
Assignee | |
Updated•8 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
|
||
Updated•7 years ago
|
Assignee: mstriemer → nobody
You need to log in
before you can comment on or make changes to this bug.
Description
•