Closed Bug 1223383 Opened 9 years ago Closed 9 years ago

Content Security Policy: Couldn't process unknown directive 'sandbox'

Categories

(Core :: DOM: Security, defect)

42 Branch
defect
Not set
normal


RESOLVED DUPLICATE of bug 671389

People

(Reporter: andriy.pitukh, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
Build ID: 20151029151421

Steps to reproduce:

1. Create a web page with an alert script:
<html><body><script>alert("You are hacked")</script></body></html>
2. Set the Content-Security-Policy header for this page with value "sandbox" or "sandbox;".
3. Open the page in Firefox.


Actual results:

Error in Console:
Content Security Policy: Couldn't process unknown directive 'sandbox'

Alert box appears in browser.


Expected results:

Alert box must be blocked by browser, violation must be shown in console.
If header value is "default-src *; sandbox;" - Firefox works as expected.

Chrome and IE work OK in all cases.
OS: Unspecified → Windows 7
Hardware: Unspecified → x86_64
(In reply to Adei from comment #1)
> If header value is "default-src *; sandbox;" - Firefox works as expected.

Sorry, actually not.

Does Firefox support "sandbox" in CSP at all?
https://developer.mozilla.org/en-US/docs/Web/Security/CSP/CSP_policy_directives
Looks like "sandbox" is not implemented in Firefox. https://bugzilla.mozilla.org/show_bug.cgi?id=671389
It's really sad.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Component: Untriaged → DOM: Security
OS: Windows 7 → All
Product: Firefox → Core
Hardware: x86_64 → All
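
Added illustration (not part of the bug report and not Firefox code) of why the header values in the steps to reproduce leave the page unrestricted in a browser that does not implement `sandbox`: the unknown directive is dropped and only the remaining directives are enforced. The directive sets `NO_SANDBOX_UA` and `SANDBOX_UA` are constructed assumptions, not the list any real Firefox version implements.

```javascript
// Added example: models a user agent that ignores CSP directives it does not implement.
// NO_SANDBOX_UA is a constructed, partial directive list (an assumption for
// illustration), not the actual list implemented by Firefox 42.
const NO_SANDBOX_UA = new Set(['default-src', 'script-src', 'style-src', 'img-src']);
const SANDBOX_UA = new Set([...NO_SANDBOX_UA, 'sandbox']);

// Split a Content-Security-Policy header value into directive name -> values.
function parseCsp(headerValue) {
  const directives = new Map();
  for (const part of headerValue.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;        // tolerates the trailing ';' in "sandbox;"
    const name = tokens[0].toLowerCase();     // directive names are case-insensitive
    if (!directives.has(name)) {              // a repeated directive is ignored
      directives.set(name, tokens.slice(1));
    }
  }
  return directives;
}

// Report which directives the modelled user agent enforces and which it drops.
function effectivePolicy(headerValue, implemented) {
  const enforced = {};
  const ignored = [];
  for (const [name, values] of parseCsp(headerValue)) {
    if (implemented.has(name)) enforced[name] = values;
    else ignored.push(name);
  }
  return {
    enforced,
    ignored,
    sandboxDropped: ignored.includes('sandbox'),
    // Nothing left to enforce: the page loads as if no policy had been sent.
    unprotected: Object.keys(enforced).length === 0,
  };
}

// Header values taken from the report's steps to reproduce.
for (const value of ['sandbox', 'sandbox;', 'default-src *; sandbox;']) {
  console.log(JSON.stringify(value), effectivePolicy(value, NO_SANDBOX_UA));
}
```

A site that relies on `sandbox` alone can run the same check against the directive list of each browser it supports and pair the header with directives those browsers do enforce.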