Open
Bug 1338782
Opened 7 years ago
Updated 2 years ago
verify CSP set on Worker script is not propagated backward to the document that created the Worker
Categories
(Core :: DOM: Workers, defect, P3)
Core
DOM: Workers
Tracking
()
NEW
People
(Reporter: bkelly, Unassigned)
Details
While working on bug 1333573 and its fallout its become apparent that CSP can get propagated around via the principal by accident. We should verify that if a dedicated Worker gets CSP set via headers those CSP values are not accidentally propagated back to the document.
Reporter | ||
Comment 1•7 years ago
|
||
I wrote a test case here: https://people-mozilla.org/~bkelly/csp-propagation-test/index.html AFAICT we don't have this kind of backward CSP propagation problem. I guess I should roll this into a couple automated test.
Updated•7 years ago
|
Priority: -- → P3
Reporter | ||
Updated•6 years ago
|
Assignee: ben → nobody
Status: ASSIGNED → NEW
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•