Closed
Bug 1268327
Opened 9 years ago
Closed 9 years ago
ReferrerPolicy should not be delivered through CSPRO
Categories
(Core :: DOM: Security, defect, P1)
Tracking
RESOLVED FIXED
mozilla50
Release | Tracking | Status |
---|---|---|
firefox50 | --- | fixed |
People
(Reporter: tnguyen, Assigned: ckerschb)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file, 1 obsolete file)
5.54 KB, patch | ckerschb: review+
In [1], should check report-only before adding referrerPolicy (only add in case non-report-only policy)
[1] https://dxr.mozilla.org/mozilla-central/source/dom/security/nsCSPContext.cpp#335
Comment 1 (Assignee) • 9 years ago
Thanks Thomas - please also add a test to make sure we never regress that.
Whiteboard: [domsecurity-active]
Updated (Assignee) • 9 years ago
Whiteboard: [domsecurity-active] → [domsecurity-backlog]
Updated (Assignee) • 9 years ago
Priority: -- → P1
Updated (Assignee) • 9 years ago
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog] → [domsecurity-active]
Comment 2 (Assignee) • 9 years ago
Attachment #8764185 - Flags: review?(tnguyen)
Comment 3 (Reporter) • 9 years ago
Comment on attachment 8764185
bug_1268327_referrer_policy_ro.patch
Review of attachment 8764185:
-----------------------------------------------------------------
Lgtm.
Could we add a case that both a Content-Security-Policy-Report-Only header and a Content-Security-Policy header are present?
Attachment #8764185 - Flags: review?(tnguyen) → review+
Comment 4 (Assignee) • 9 years ago
(In reply to Thomas Nguyen[:tnguyen] from comment #3)
> Could we add a case that both a Content-Security-Policy-Report-Only header
> and a Content-Security-Policy header are present?
Sure can, added another test that delivers a CSP and a CSPRO.
Carrying over r+!
TRY looks good, this is ready to land!
Attachment #8764185 - Attachment is obsolete: true
Attachment #8764217 - Flags: review+
Updated (Assignee) • 9 years ago
Keywords: checkin-needed
Comment 5 • 9 years ago
bugherder landing
Keywords: checkin-needed
Comment 6 • 9 years ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox50: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla50
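The report-only check requested in the description, including the combined CSP plus CSPRO case from comments 3 and 4, as an added example that is neither the attached patch nor Gecko code. It is a simplified C++ model: `Policy`, `referrerDirective` and `effectiveReferrerPolicy` are hypothetical names, the header values are constructed, and "last enforced policy wins" is an assumption of the model.

```cpp
// Added illustration: a simplified model, not Gecko's nsCSPContext code.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// One delivered policy: the header value, and whether it arrived in
// Content-Security-Policy-Report-Only (CSPRO) rather than Content-Security-Policy.
struct Policy {
    std::string value;
    bool reportOnly;
};

// Value of the `referrer` directive in one policy string, or "" if absent.
std::string referrerDirective(const std::string& policy) {
    std::istringstream directives(policy);
    std::string directive;
    while (std::getline(directives, directive, ';')) {
        std::istringstream tokens(directive);
        std::string name, value;
        if (!(tokens >> name)) continue;  // empty directive, e.g. trailing ';'
        std::transform(name.begin(), name.end(), name.begin(),
                       [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
        if (name == "referrer" && (tokens >> value)) return value;
    }
    return "";
}

// Referrer policy the document ends up with; "" means CSP did not set one.
// Assumption of this model: with several enforced policies, the last wins.
std::string effectiveReferrerPolicy(const std::vector<Policy>& policies) {
    std::string result;
    for (const Policy& p : policies) {
        if (p.reportOnly) continue;  // report-only policies must not change behaviour
        const std::string r = referrerDirective(p.value);
        if (!r.empty()) result = r;
    }
    return result;
}

int main() {
    // Constructed header values: a CSPRO and a CSP delivered together.
    std::vector<Policy> both = {{"referrer no-referrer", true},
                                {"default-src 'self'; referrer origin", false}};
    std::cout << "CSP + CSPRO -> " << effectiveReferrerPolicy(both) << "\n";
    return 0;
}
```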