Open Bug 1223624 Opened 10 years ago Updated 3 years ago

IsURIPotentiallyTrustworthy should check nesting and wss

Categories

(Core :: Security, defect)

Product:

Component:

Version:

44 Branch

Type:

defect

Priority:

Not set

Severity:

S3

Tracking

()

Status:

NEW

People

(Reporter: tanvi, Unassigned)

References

Details

Tanvi Vyas[:tanvi]

Reporter

Description

•

10 years ago

IsURIPotentiallyTrustworthy should check nested protocols. We probably should just check the innermost scheme here against https, file, etc: http://mxr.mozilla.org/mozilla-central/source/dom/security/nsContentSecurityManager.cpp#410 We should also add wss per spec. I'm not sure why Service Workers need an API that doesn't accept wss (https://bugzilla.mozilla.org/show_bug.cgi?id=1221365#c12)

Ben Kelly [:bkelly, not reviewing]

Comment 1

•

10 years ago

Service workers explicitly wants only http/https. I just landed checks in SWM to do this after the trustworthy check is made. I raised a spec issue about this: https://github.com/slightlyoff/ServiceWorker/issues/780#issuecomment-155624630

Jonathan Watt [:jwatt]

Updated

•

9 years ago

No longer blocks: 1162772

See Also: → 1162772

Updated

•

3 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.