CSP report URIs are not run through the URL classifier

RESOLVED FIXED in Firefox 47

Status

Toolkit
Safe Browsing
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: francois, Assigned: francois)

Tracking

(Blocks: 1 bug)

unspecified
mozilla47

Firefox Tracking Flags

(firefox47 fixed)

Attachments

(2 attachments)

(Assignee)

Description

2 years ago
Created attachment 8718126 [details]
csp-reporturi.html

Steps:

1. Host the attached test page on a web server.
2. Serve it with this CSP header: img-src 'none'; report-uri https://itisatracker.com/csp-report
3. Open that test page in Private Browsing.

Expected:

The report is not sent because the reporting endpoint is on the TP list.

Actual:

The report is sent.
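
Added example, not part of the original report or of Firefox's code: a small local server for steps 1 and 2, which serves a test page with the CSP header quoted in the report. The page body is a constructed stand-in for the attachment (its contents are not shown here), and the names `app`, `report_endpoints` and port 8000 are assumptions.

```python
from wsgiref.simple_server import make_server

# Header value copied from step 2 of the report.
CSP = "img-src 'none'; report-uri https://itisatracker.com/csp-report"

# Constructed stand-in for csp-reporturi.html: any <img> violates
# img-src 'none', so the browser generates a CSP violation report.
TEST_PAGE = b"""<!DOCTYPE html>
<html><head><meta charset="utf-8"><title>CSP report-uri test</title></head>
<body>
<p>The image below is blocked by CSP and triggers a violation report.</p>
<img src="/blocked.png" alt="blocked by CSP">
</body></html>
"""

def report_endpoints(policy):
    """Return the endpoints listed in the policy's report-uri directive."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "report-uri":
            return tokens[1:]
    return []

def app(environ, start_response):
    """WSGI app: test page (with the CSP header) at /, 404 everywhere else."""
    if environ.get("PATH_INFO", "/") not in ("/", "/csp-reporturi.html"):
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found\n"]
    headers = [
        ("Content-Type", "text/html; charset=utf-8"),
        ("Content-Length", str(len(TEST_PAGE))),
        ("Content-Security-Policy", CSP),
        ("Cache-Control", "no-store"),  # re-fetch on every load
    ]
    start_response("200 OK", headers)
    return [TEST_PAGE]

def main(port=8000):
    # Loopback only; open the printed URL in a Private Browsing window.
    with make_server("127.0.0.1", port, app) as httpd:
        print(f"http://127.0.0.1:{port}/ -> watch for POSTs to {report_endpoints(CSP)}")
        httpd.serve_forever()

if __name__ == "__main__":
    main()
```

With the page loaded, the browser's network monitor shows whether a report request to the printed endpoint goes out, which is the difference between the "Expected" and "Actual" results above.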
(Assignee)

Comment 1

2 years ago
Christoph points to this code:

https://dxr.mozilla.org/mozilla-central/rev/ac39fba33c6daf95b2cda71e588ca18e2eb752ab/dom/security/nsCSPContext.cpp#853-867
(Assignee)

Updated

2 years ago
Component: DOM: Security → Safe Browsing
Product: Core → Toolkit
(Assignee)

Comment 2

2 years ago
Created attachment 8718651 [details]
MozReview Request: Bug 1247464 - Run CSP report URIs through the URL classifier. r?ckerschb

Review commit: https://reviewboard.mozilla.org/r/34667/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/34667/
Attachment #8718651 - Flags: review?(mozilla)
Attachment #8718651 - Flags: review?(mozilla) → review+
Comment on attachment 8718651 [details]
MozReview Request: Bug 1247464 - Run CSP report URIs through the URL classifier. r?ckerschb

https://reviewboard.mozilla.org/r/34667/#review31347

Looks good to me - thanks!

Comment 4

2 years ago
https://hg.mozilla.org/integration/mozilla-inbound/rev/cc28ecb2b687

Comment 5

2 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/cc28ecb2b687
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-firefox47: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla47
(Assignee)

Updated

2 years ago
Blocks: 1207775