Closed Bug 1457513 Opened Last year Closed Last year
Don't lie about CSP header
1. Load https://api.github.com/
2. Go to Headers tab

You can see this header:

Content-Security-Policy: default-src 'none' ; script-src resource:;

But the server sent this instead:

Content-Security-Policy: default-src 'none'

Regressed by https://hg.mozilla.org/mozilla-central/rev/38f15c3991f9

If the header needs to be modified, then this should happen after storing original headers.
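A way to check for the discrepancy described in this report, as an added example that is not part of the original bug or of Firefox's code: it parses the header value the server sent and the value the Headers tab showed, then lists the directives that differ. The function names parseCsp and diffCsp are hypothetical.

```javascript
// Added example, not Firefox code. parseCsp and diffCsp are hypothetical names.

// Parse a Content-Security-Policy value into a Map of directive -> sources.
// Directives are ';'-separated, directive names are case-insensitive, and a
// repeated directive name is ignored after its first occurrence.
function parseCsp(value) {
  const policy = new Map();
  for (const part of value.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // empty directive, e.g. a trailing ';'
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Source order within a directive carries no meaning, so compare sorted lists.
// Source values are not lowercased: nonces and paths are case-sensitive.
function sameSources(a, b) {
  return [...a].sort().join(" ") === [...b].sort().join(" ");
}

// Report directives that differ between the policy as sent and as displayed.
function diffCsp(sentValue, shownValue) {
  const sent = parseCsp(sentValue);
  const shown = parseCsp(shownValue);
  const diff = { added: [], removed: [], changed: [] };
  for (const [name, sources] of shown) {
    if (!sent.has(name)) diff.added.push(name);
    else if (!sameSources(sent.get(name), sources)) diff.changed.push(name);
  }
  for (const name of sent.keys()) {
    if (!shown.has(name)) diff.removed.push(name);
  }
  return diff;
}

// Header values quoted in the report above.
const sentByServer = "default-src 'none'";
const shownInHeadersTab = "default-src 'none' ; script-src resource:;";

// A non-empty diff means the displayed policy is not the one the server sent.
console.log(diffCsp(sentByServer, shownInHeadersTab));
```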
Comment on attachment 8971656
Bug 1457513 - Let JSON Viewer display unmodified headers

https://reviewboard.mozilla.org/r/240424/#review246378

Thanks for the patch & test, looks good to me!

R+ assuming try is green.

Honza
Attachment #8971656 - Flags: review?(odvarko) → review+
Assignee: nobody → oriol-bugzilla
Status: NEW → ASSIGNED
Pushed by firstname.lastname@example.org:
https://hg.mozilla.org/integration/autoland/rev/2d72766be0b3
Let JSON Viewer display unmodified headers r=Honza
Too late for 60. I'm not convinced we need to uplift this to ESR60 either, but I'd entertain an argument.