Closed
Bug 1247464
Opened 9 years ago
Closed 9 years ago
CSP report URIs are not run through the URL classifier
Categories
(Toolkit :: Safe Browsing, defect)
RESOLVED
FIXED
mozilla47
| | Tracking | Status |
|---|---|---|
| firefox47 | --- | fixed |
People
(Reporter: francois, Assigned: francois)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
Steps:
1. Host the attached test page on a web server.
2. Serve it with this CSP header: img-src 'none'; report-uri https://itisatracker.com/csp-report
3. Open that test page in Private Browsing.
Expected:
The report is not sent because the reporting endpoint is on the TP list.
Actual:
The report is sent.
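The expected behaviour from the steps above, as an added example that is not part of the original report and is not Firefox's code: the `report-uri` endpoints are parsed out of the header and each one is checked against a list before a report is sent. The list contents, the parent-domain matching rule (a stand-in for the URL classifier), the document URL and all function names are assumptions made for illustration.

```javascript
// Added example. Constructed list standing in for the tracking-protection (TP) list;
// the one entry is the report endpoint host from step 2.
const TP_LIST = new Set(["itisatracker.com"]);

// Return the endpoints of the first report-uri directive, resolved against the
// document URL (later duplicates of a directive are ignored by CSP parsing).
function reportUris(cspHeader, documentUrl) {
  for (const directive of cspHeader.split(";")) {
    const [name, ...values] = directive.trim().split(/\s+/).filter(Boolean);
    if (!name || name.toLowerCase() !== "report-uri") continue;
    const uris = [];
    for (const value of values) {
      try {
        uris.push(new URL(value, documentUrl));
      } catch (e) {
        // Unparsable endpoint: nothing to send a report to.
      }
    }
    return uris;
  }
  return [];
}

// Assumption: a host matches when it, or any parent domain, is on the list.
function isListed(hostname, list) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    if (list.has(labels.slice(i).join("."))) return true;
  }
  return false;
}

// Decide per endpoint whether the violation report may be sent.
function classifyReportUris(cspHeader, documentUrl, list = TP_LIST) {
  return reportUris(cspHeader, documentUrl).map((u) => ({
    uri: u.href,
    send: !isListed(u.hostname, list),
  }));
}

// Header from step 2; the document URL is a constructed placeholder.
const result = classifyReportUris(
  "img-src 'none'; report-uri https://itisatracker.com/csp-report",
  "https://example.test/test.html"
);
console.log(result);
```

Relative endpoints resolve to the document's own origin, so they are classified by that host rather than skipped.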
Assignee
Comment 1•9 years ago
Christoph points to this code:
https://dxr.mozilla.org/mozilla-central/rev/ac39fba33c6daf95b2cda71e588ca18e2eb752ab/dom/security/nsCSPContext.cpp#853-867
Assignee
Updated•9 years ago
Component: DOM: Security → Safe Browsing
Product: Core → Toolkit
Assignee
Comment 2•9 years ago
Review commit: https://reviewboard.mozilla.org/r/34667/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/34667/
Attachment #8718651 - Flags: review?(mozilla)
Updated•9 years ago
Attachment #8718651 - Flags: review?(mozilla) → review+
Comment 3•9 years ago
Comment on attachment 8718651 [details]
MozReview Request: Bug 1247464 - Run CSP report URIs through the URL classifier. r?ckerschb
https://reviewboard.mozilla.org/r/34667/#review31347
Looks good to me - thanks!
Comment 5•9 years ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox47: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47