Closed
Bug 1277495
Opened 8 years ago
Closed 5 years ago
require-sri-for violations should report the blocked subresource, not the document
Categories
(Core :: DOM: Security, defect, P3)
Core
DOM: Security
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: freddy, Unassigned)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-backlog])
Attachments
(1 file)
No description provided.
Comment 1•8 years ago
|
||
Freddy, can you please provide a link to the code so that someone picking up that bug has a starting point? Thanks!
Whiteboard: [domsecurity-backlog]
Comment 2•8 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #1) > Freddy, can you please provide a link to the code so that someone picking up > that bug has a starting point? Thanks! Sorry, I missed that you assigned it to yourself!
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog] → [domsecurity-active]
Reporter | ||
Comment 3•8 years ago
|
||
This work-in-progress patch gets both URLs (the blocked one as well as the document URL and passes it to logViolationReport). Unfortunately logViolationReport() always sends a blocked-uri of 'self', which is not useful at all. This bug needs a fixing of the CASE_CHECK_AND_REPORT macro, before it can be useful.
Updated•8 years ago
|
Priority: -- → P2
Reporter | ||
Comment 4•7 years ago
|
||
Comment 3 said logViolationReport, but the function in question is actually nsCSPContext:LogViolationDetails.
Reporter | ||
Updated•7 years ago
|
Status: ASSIGNED → NEW
Reporter | ||
Updated•7 years ago
|
Assignee: fbraun → nobody
Comment 5•6 years ago
|
||
Moving to p3 because no activity for at least 1 year(s). See https://github.com/mozilla/bug-handling/blob/master/policy/triage-bugzilla.md#how-do-you-triage for more information
Priority: P2 → P3
Reporter | ||
Comment 6•5 years ago
|
||
We've unimplemented require-sri-for
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•