Closed
Bug 1457513
Opened 3 years ago
Closed 3 years ago
Don't lie about CSP header
Categories
(DevTools :: JSON Viewer, defect)
Tracking
(firefox-esr52 unaffected, firefox-esr60 wontfix, firefox59 unaffected, firefox60 wontfix, firefox61 fixed)
RESOLVED
FIXED
Firefox 61
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox-esr60 | --- | wontfix |
firefox59 | --- | unaffected |
firefox60 | --- | wontfix |
firefox61 | --- | fixed |
People
(Reporter: Oriol, Assigned: Oriol)
Details
(Keywords: regression)
Attachments
(1 file)
1. Load https://api.github.com/
2. Go to Headers tab

You can see this header:

Content-Security-Policy: default-src 'none' ; script-src resource:;

But the server sent this instead:

Content-Security-Policy: default-src 'none'

Regressed by https://hg.mozilla.org/mozilla-central/rev/38f15c3991f9

If the header needs to be modified, then this should happen after storing original headers.
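
The ordering problem described in the report, as an added example that is not part of the original report and is not Firefox's JSON Viewer code: a tool that rewrites a response's CSP for its own page must snapshot the server's headers before the rewrite, or the Headers view misreports the site's policy. `FakeChannel`, `convertBuggy`, `convertFixed` and `mismatches` are hypothetical names; the two CSP strings are the ones quoted in the report.

```javascript
// Constructed model of the ordering bug; FakeChannel and both converter
// functions are hypothetical and are not Firefox's JSON Viewer code.
class FakeChannel {
  constructor(headers) { this.headers = new Map(headers); }
  visitResponseHeaders(visit) { for (const [n, v] of this.headers) visit(n, v); }
  setResponseHeader(name, value) { this.headers.set(name, value); }
}

// Rewritten CSP as it appeared in the Headers tab (string from the report).
const VIEWER_CSP = "default-src 'none' ; script-src resource:;";

// Copy the channel's current response headers into a plain list.
function snapshot(channel) {
  const out = [];
  channel.visitResponseHeaders((name, value) => out.push({ name, value }));
  return out;
}

// Buggy order: rewrite first, then record what the Headers tab will show.
function convertBuggy(channel) {
  channel.setResponseHeader("Content-Security-Policy", VIEWER_CSP);
  return { displayed: snapshot(channel) };
}

// Fixed order: record the server's headers, then rewrite for the viewer page.
function convertFixed(channel) {
  const displayed = snapshot(channel);
  channel.setResponseHeader("Content-Security-Policy", VIEWER_CSP);
  return { displayed };
}

// Regression check: names of displayed headers that differ from what was sent.
function mismatches(serverHeaders, displayed) {
  const sent = new Map(serverHeaders);
  return displayed.filter(h => sent.get(h.name) !== h.value).map(h => h.name);
}

const SERVER = [ // constructed sample response
  ["Content-Type", "application/json; charset=utf-8"],
  ["Content-Security-Policy", "default-src 'none'"],
];
const buggy = mismatches(SERVER, convertBuggy(new FakeChannel(SERVER)).displayed);
const fixed = mismatches(SERVER, convertFixed(new FakeChannel(SERVER)).displayed);
console.log({ buggy, fixed });
```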
Comment 2•3 years ago
mozreview-review
Comment on attachment 8971656 Bug 1457513 - Let JSON Viewer display unmodified headers
https://reviewboard.mozilla.org/r/240424/#review246378

Thanks for the patch & test, looks good to me! R+ assuming try is green.

Honza
Attachment #8971656 -
Flags: review?(odvarko) → review+
Assignee
Updated•3 years ago
Keywords: checkin-needed
Assignee
Updated•3 years ago
Assignee: nobody → oriol-bugzilla
Status: NEW → ASSIGNED
Pushed by ncsoregi@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2d72766be0b3
Let JSON Viewer display unmodified headers r=Honza
Keywords: checkin-needed
Comment 4•3 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/2d72766be0b3
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 61
Updated•3 years ago
status-firefox-esr52: --- → unaffected
status-firefox-esr60: --- → unaffected
Assignee
Comment 5•3 years ago
esr60 seems affected, https://hg.mozilla.org/releases/mozilla-esr60/file/tip/devtools/client/jsonview/converter-child.js#l88
Comment 6•3 years ago
Too late for 60. I'm not convinced we need to uplift this to ESR60 either, but I'd entertain an argument.
Comment 7•3 years ago
I'm with Ryan on this one.
Updated•3 years ago
Product: Firefox → DevTools