verify CSP set on Worker script is not propagated backward to the document that created the Worker

ASSIGNED
Assigned to

Status

()

Core
DOM: Workers
P3
normal
ASSIGNED
a year ago
8 months ago

People

(Reporter: bkelly, Assigned: bkelly)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Assignee)

Description

a year ago
While working on bug 1333573 and its fallout its become apparent that CSP can get propagated around via the principal by accident.  We should verify that if a dedicated Worker gets CSP set via headers those CSP values are not accidentally propagated back to the document.
(Assignee)

Comment 1

a year ago
I wrote a test case here:

https://people-mozilla.org/~bkelly/csp-propagation-test/index.html

AFAICT we don't have this kind of backward CSP propagation problem.

I guess I should roll this into a couple automated test.

Updated

8 months ago
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.