Closed Bug 1441514 Opened 6 years ago Closed 6 years ago

The CSP value for the current page should be shown in the Security panel in the "Page Information" modal

Categories

(Core :: Security, enhancement)

Product:
Core
Component:
Security
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
firefox60 --- affected

People

(Reporter: julienw, Unassigned)

References

(Blocks 1 open bug)

Details

Currently it's extremely difficult to know a current page's CSP value, so it's very difficult to debug problems.

This value should be shown somewhere, and preferably in the "Page Information" modal that already has a Security tab with security-related information.
This is currently available in the GCLI with the command "security csp". Open the "Developer Toolbar" to get there.

On the down side the devtools team is talking about removing the GCLI feature (it's not used much). We've talked about other places to move this information in devtools. It's much more likely to find a home in DevTools than in Page Information given the different audiences for each.

Although not exactly what you requested in the bug, I think the intent of the bug is satisfied so I'm going to close it.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
Hey Daniel,

Thanks, the information that this even exists is very well hidden... I'll look into adding the link to [1] in some others CSP pages on MDN.
I agree that this is more a developer thing, so would be better located in devtools.

For those following along, [2] holds a discussion about our plans to display this better in the devtools.

[1] https://developer.mozilla.org/en-US/docs/Tools/GCLI/Display_security_and_privacy_policies
[2] https://mail.mozilla.org/pipermail/firefox-dev/2018-March/006296.html
You need to log in before you can comment on or make changes to this bug.