Closed
Bug 1153423
(nsec-csp)
Opened 9 years ago
Closed 8 years ago
[META] Tracking bug for CSP implementation of New Security Model
Categories
(Core :: DOM: Security, defect)
Tracking
()
RESOLVED
WONTFIX
Future
People
(Reporter: jgong, Assigned: ethan)
References
Details
(Whiteboard: [newsecurity][domsecurity-meta])
User Story
This is a V3 initiative for a New Security Model. https://wiki.mozilla.org/FirefoxOS/New_security_model This Meta Bug is for tracking the "CSP" implementation, a sub-component of the bigger New Security Model project. https://wiki.mozilla.org/FirefoxOS/New_security_model#CSP ***** We need to make sure that it can't load scripts from outside of the signed package. And we need to make sure that it can't use inline scripts. The plan is to use the CSP code to accomplish this. We can mainly leverage existing code which enables applying a default CSP policy to certain content. We'll use this to apply a default CSP to all signed content similarly to how we currently apply a default CSP to all privileged apps. We'll also need to extend it to enable it to enforce loads to happen "from same package", rather than just "from same origin".
This is a V3 initiative for a New Security Model. https://wiki.mozilla.org/FirefoxOS/New_security_model This Meta Bug is for tracking the "CSP" implementation, a sub-component of the bigger New Security Model project. https://wiki.mozilla.org/FirefoxOS/New_security_model#CSP
|
Reporter | |
Updated•9 years ago
|
User Story: (updated)
Summary: [META] Tracking bug for Signing implementation of New Security Model → [META] Tracking bug for CSP implementation of New Security Model
|
|
Reporter | |
Updated•9 years ago
|
No longer depends on: nsec-signing
|
|
Reporter | |
Updated•9 years ago
|
|
|
Reporter | |
Updated•9 years ago
|
No longer blocks: nsec-signing
|
|
Reporter | |
Updated•9 years ago
|
Blocks: nsec-signing
|
|
Reporter | |
Updated•9 years ago
|
Blocks: nsec-origins
|
|
Reporter | |
Updated•9 years ago
|
Blocks: nsec-isolation
|
|
Reporter | |
Updated•9 years ago
|
|
|
Reporter | |
Updated•9 years ago
|
Blocks: nsec-installing
No longer depends on: nsec-installing
|
|
Reporter | |
Updated•9 years ago
|
No longer blocks: nsec-installing
Depends on: nsec-installing
|
|
Reporter | |
Updated•9 years ago
|
Blocks: nsec-signing
No longer depends on: nsec-signing
|
|
Reporter | |
Updated•9 years ago
|
Blocks: nsec-verify
No longer depends on: nsec-verify
|
|
Reporter | |
Updated•9 years ago
|
No longer blocks: nsec-signing, nsec-verify
Depends on: nsec-signing, nsec-verify
|
|
Reporter | |
Updated•9 years ago
|
Product: Firefox → Core
|
|
Reporter | |
Updated•9 years ago
|
Whiteboard: [NewSecurity] → [newsecurity]
|
|
Reporter | |
Updated•9 years ago
|
Priority: -- → P1
|
||
Updated•9 years ago
|
No longer depends on: nsec-verify
|
|
||
Updated•9 years ago
|
Alias: nsec-csp
|
|
||
Updated•9 years ago
|
blocking-b2g: --- → 2.5+
|
Assignee | |
Updated•9 years ago
|
Status: NEW → ASSIGNED
Target Milestone: --- → FxOS-S10 (30Oct)
|
|
||
Updated•9 years ago
|
blocking-b2g: 2.5+ → ---
|
||
Comment 2•8 years ago
|
||
Moving this one over to DOM:Security, since it's related to CSP!
Component: Security → DOM: Security
Whiteboard: [newsecurity] → [newsecurity][domsecurity-meta]
|
|
Assignee | |
Comment 3•8 years ago
|
||
All child bugs of this bug were either fixed or resolved wontfix. Should we still track this meta bug?
Priority: P1 → --
Target Milestone: FxOS-S10 (30Oct) → Future
|
|
Assignee | |
Comment 4•8 years ago
|
||
Close this bug since New Security Model project was stopped.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•