Closed Bug 1334158 Opened 8 years ago Closed 8 years ago

Lightbox images CSP error on bug modal

Categories

(bugzilla.mozilla.org :: General, defect, P1)

Production

RESOLVED FIXED

People

(Reporter: dylan, Assigned: dylan)

Attachments

(1 file)

img-src needs to include the attachments domain
Blocks: 1334160
Attached patch 1334158_1.patch
Assignee: nobody → dylan
Status: NEW → ASSIGNED
Attachment #8830784 - Flags: review?(dkl)
for this, we're adding the attachment base to the img-src rule -- this will always include a trailing slash, does that matter for any reason?
example (from a dev instance):
    default-src 'self'; child-src 'self' https://ashughes1.github.io/bugzilla-socorro-lens/chart.htm; connect-src 'self' https://brasstacks.mozilla.com/orangefactor/api/count; img-src 'self' https://secure.gravatar.com http://bug888.bugzilla.vm/1334158/; object-src http://bugzilla.vm/1334158/extensions/BugModal/web/ZeroClipboard/ZeroClipboard.swf; script-src 'self' 'nonce-ddQii9uT6Oe8xZquL5NpfEui2u3571tdzeLLnZV6dIAevTOJ' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; form-action 'self' https://www.google.com/search
Flags: needinfo?(april)
Severity: normal → major
Priority: -- → P1
With CSP, if it has a trailing slash, it is that URL and any URLs underneath it. If it lacks a trailing slash, then it is only that URL and that URL specifically.
    img-src https://www.example.com/images <-- only a file called images
    img-src https://www.example.com/images/ <-- any images inside the images directory
Flags: needinfo?(april)
I should add that I believe that these are identical:
    img-src https://www.example.com
    img-src https://www.example.com/
But I usually only see the first one in practice.
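
The trailing-slash rule described in the two comments above, as an added example that is not part of the original bug thread: a simplified JavaScript matcher for a CSP source expression against a request URL. The function names and the sample request URLs are constructed for illustration; wildcards and redirects are not handled, and scheme, host and port are compared for plain equality, which is stricter than a browser.

```javascript
// Added example: simplified CSP host-source matching, focused on the path rule.
// Assumptions: no wildcards, no redirect handling, schemes must be identical.

// Path rule: no trailing slash = exact path; trailing slash = that path and below.
function pathPartMatches(exprPath, urlPath) {
  // An empty path or a bare "/" in the source expression matches every path.
  if (exprPath === "" || exprPath === "/") return true;
  const exact = !exprPath.endsWith("/");
  const a = exprPath.split("/");
  const b = urlPath.split("/");
  if (a.length > b.length) return false;
  if (exact && a.length !== b.length) return false;
  if (!exact) a.pop(); // drop the empty piece left by the trailing slash
  // Compare segment by segment after percent-decoding.
  return a.every((piece, i) => decodeURIComponent(piece) === decodeURIComponent(b[i]));
}

function defaultPort(scheme) {
  return scheme === "https" ? "443" : "80";
}

function sourceAllows(sourceExpr, requestUrl) {
  // Keep the raw path of the expression: "" and "/" must stay distinguishable.
  const m = /^(https?):\/\/([^\/:]+)(?::(\d+))?(\/.*)?$/.exec(sourceExpr);
  if (!m) throw new Error("unsupported source expression: " + sourceExpr);
  const [, scheme, host, port, path = ""] = m;
  const url = new URL(requestUrl);
  const urlScheme = url.protocol.slice(0, -1);
  if (urlScheme !== scheme) return false;
  if (url.hostname !== host.toLowerCase()) return false;
  if ((url.port || defaultPort(urlScheme)) !== (port || defaultPort(scheme))) return false;
  return pathPartMatches(path, url.pathname); // the query string is not part of the match
}

// Constructed request URLs checked against the source expressions from the thread.
const samples = [
  ["https://www.example.com/images", "https://www.example.com/images"],
  ["https://www.example.com/images", "https://www.example.com/images/a.png"],
  ["https://www.example.com/images/", "https://www.example.com/images/a.png"],
  ["https://www.example.com", "https://www.example.com/x/y.png"],
  ["https://www.example.com/", "https://www.example.com/x/y.png"],
  ["http://bug888.bugzilla.vm/1334158/", "http://bug888.bugzilla.vm/1334158/image.png?id=1"],
];
for (const [expr, url] of samples) {
  console.log(sourceAllows(expr, url) ? "allow" : "block", expr, "<-", url);
}
```
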
Comment on attachment 8830784: 1334158_1.patch
Review of attachment 8830784:
r=dkl
Attachment #8830784 - Flags: review?(dkl) → review+
To git@github.com:mozilla-bteam/bmo.git c768148..e320945 master -> master
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
this change is now live. dkl