Closed
Bug 1453933
Opened 6 years ago
Closed 6 years ago
Apply Meta CSP to Content Privileged about:rights
Categories
(Core :: DOM: Security, defect, P2)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla61
Tracking | Status | |
---|---|---|
firefox61 | --- | fixed |
People
(Reporter: vinoth, Assigned: vinoth)
References
(Depends on 1 open bug)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
No description provided.
Comment 1•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Attachment #8967697 -
Flags: review?(ckerschb)
Comment 2•6 years ago
|
||
Comment on attachment 8967697 [details] 1453933 - Meta CSP applied to content privileged about:rights Christoph Kerschbaumer [:ckerschb] has approved the revision. https://phabricator.services.mozilla.com/D940
Attachment #8967697 -
Flags: review+
Comment 3•6 years ago
|
||
Comment on attachment 8967697 [details]
1453933 - Meta CSP applied to content privileged about:rights
Already r+ed by me.
Attachment #8967697 -
Flags: review?(ckerschb)
Updated•6 years ago
|
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-active]
Assignee | ||
Comment 4•6 years ago
|
||
Comment on attachment 8967697 [details]
1453933 - Meta CSP applied to content privileged about:rights
Please review the patch for this bug.
Attachment #8967697 -
Flags: review?(gijskruitbosch+bugs)
Comment 5•6 years ago
|
||
Comment on attachment 8967697 [details]
1453933 - Meta CSP applied to content privileged about:rights
Reviewed on phab.
Attachment #8967697 -
Flags: review?(gijskruitbosch+bugs) → review-
Comment 6•6 years ago
|
||
Comment on attachment 8967697 [details] 1453933 - Meta CSP applied to content privileged about:rights Flag set by Christoph Kerschbaumer [:ckerschb] is no longer active. https://phabricator.services.mozilla.com/D940
Attachment #8967697 -
Flags: review+
Assignee | ||
Comment 7•6 years ago
|
||
Comment on attachment 8967697 [details]
1453933 - Meta CSP applied to content privileged about:rights
Requested changes are made.
Please review the patch.
Attachment #8967697 -
Flags: review- → review?(gijskruitbosch+bugs)
Comment 8•6 years ago
|
||
Comment on attachment 8967697 [details] 1453933 - Meta CSP applied to content privileged about:rights Christoph Kerschbaumer [:ckerschb] has approved the revision. :Gijs (he/him) has approved the revision. https://phabricator.services.mozilla.com/D940
Attachment #8967697 -
Flags: review+
Updated•6 years ago
|
Attachment #8967697 -
Flags: review?(gijskruitbosch+bugs)
Assignee | ||
Updated•6 years ago
|
Keywords: checkin-needed
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/ba3c6122001c Meta CSP applied to content privileged about:rights. r=Gijs, r=ckerschb
Keywords: checkin-needed
Comment 10•6 years ago
|
||
Pushed by ryanvm@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/a825a8cf259a Fix ESLint comma-spacing errors in aboutRights.js. r=trivial
Comment 11•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/ba3c6122001c https://hg.mozilla.org/mozilla-central/rev/a825a8cf259a
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox61:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Comment 12•5 years ago
|
||
When running the automated browser_aboutURLs.js test, there seem to be errors: 11:21:52 INFO - Console message: [JavaScript Error: "Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”)." {file: "about:rights" line: 0}] 11:21:52 INFO - Console message: [JavaScript Error: "Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”)." {file: "about:rights" line: 0}] 11:21:52 INFO - Console message: [JavaScript Error: "Content Security Policy: The page’s settings blocked the loading of a resource at inline (“default-src”)." {file: "about:rights" line: 0}] can you check if we need a follow-up to fix these? Maybe some images or something else is being blocked that shouldn't be? (cf. https://taskcluster-artifacts.net/DY0UY2JtRDuQIm-lMYn8UQ/0/public/logs/live_backing.log )
Flags: needinfo?(ckerschb)
Comment 13•5 years ago
|
||
(In reply to :Gijs (he/him) from comment #12) > When running the automated browser_aboutURLs.js test, there seem to be > errors: Mhm, I couldn't reproduce any of these CSP errors locally. Did you have some other patches applied when you encountered those problems? Obviously if CSP is blocking something then we should figure out where and why. At the moment it seems fine to me. Is there anything else I might have to fiddle with so I can reproduce?
Flags: needinfo?(ckerschb) → needinfo?(gijskruitbosch+bugs)
Comment 14•5 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #13) > (In reply to :Gijs (he/him) from comment #12) > > When running the automated browser_aboutURLs.js test, there seem to be > > errors: > > Mhm, I couldn't reproduce any of these CSP errors locally. Did you have some > other patches applied when you encountered those problems? Obviously if CSP > is blocking something then we should figure out where and why. At the moment > it seems fine to me. > > Is there anything else I might have to fiddle with so I can reproduce? I can reproduce on a nightly build (as distributed by moco) on Windows and Mac by just loading about:rights in a tab, but not on a local build on either of those platforms. I haven't worked out why yet.
Comment 15•5 years ago
|
||
Filed a follow-up for the warnings. It seems the branded copy of aboutRights has inline style, which the unbranded copy doesn't, which is probably one of the things that's tripping this.
Flags: needinfo?(gijskruitbosch+bugs)
You need to log in
before you can comment on or make changes to this bug.
Description
•