Open Bug 1457204 Opened 4 years ago Updated 6 months ago
Implement `prefetch-src` CSP directive
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 Steps to reproduce: In order to block potential data leaks through prefetch requests, it was decided  that a `prefetch-src`CSP directive would be added and control such requests, and that prefetch requests would have their own `Request.initiator` and an empty string destination.  https://github.com/w3c/webappsec-csp/issues/107  https://github.com/whatwg/fetch/pull/659 Actual results: Going to http://w3c-test.org/content-security-policy/prefetch-src/ the tests fail Expected results: They should pass
Component: Untriaged → DOM: Security
Product: Firefox → Core
Type: defect → task
Version: 47 Branch → unspecified
You need to log in before you can comment on or make changes to this bug.