Open
Bug 1223624
Opened 9 years ago
Updated 2 years ago
IsURIPotentiallyTrustworthy should check nesting and wss
Categories
(Core :: Security, defect)
Tracking
()
NEW
People
(Reporter: tanvi, Unassigned)
References
Details
IsURIPotentiallyTrustworthy should check nested protocols. We probably should just check the innermost scheme here against https, file, etc: http://mxr.mozilla.org/mozilla-central/source/dom/security/nsContentSecurityManager.cpp#410 We should also add wss per spec. I'm not sure why Service Workers need an API that doesn't accept wss (https://bugzilla.mozilla.org/show_bug.cgi?id=1221365#c12)
Comment 1•9 years ago
|
||
Service workers explicitly wants only http/https. I just landed checks in SWM to do this after the trustworthy check is made. I raised a spec issue about this: https://github.com/slightlyoff/ServiceWorker/issues/780#issuecomment-155624630
Updated•8 years ago
|
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•