Open Bug 1338782 Opened 7 years ago Updated 2 years ago

verify CSP set on Worker script is not propagated backward to the document that created the Worker

Tracking

()

Status:

NEW

People

(Reporter: bkelly, Unassigned)

Details

Ben Kelly [:bkelly, not reviewing]

Reporter

Description

•

7 years ago

While working on bug 1333573 and its fallout its become apparent that CSP can get propagated around via the principal by accident.  We should verify that if a dedicated Worker gets CSP set via headers those CSP values are not accidentally propagated back to the document.

Ben Kelly [:bkelly, not reviewing]

Reporter

Comment 1

•

7 years ago

I wrote a test case here:

https://people-mozilla.org/~bkelly/csp-propagation-test/index.html

AFAICT we don't have this kind of backward CSP propagation problem.

I guess I should roll this into a couple automated test.

Hsin-Yi Tsai (she/her) [:hsinyi]

Updated

•

7 years ago

Priority: -- → P3

Ben Kelly [:bkelly, not reviewing]

Reporter

Updated

•

6 years ago

Assignee: ben → nobody

Status: ASSIGNED → NEW

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

verify CSP set on Worker script is not propagated backward to the document that created the Worker

Categories

(Core :: DOM: Workers, defect, P3)

Tracking

()

People

(Reporter: bkelly, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Updated

Updated

Updated