Closed Bug 1465847 Opened 6 years ago Closed 4 years ago

WebsiteFilter policy does not block view-source

Categories

(Firefox :: Enterprise Policies, defect, P3)

Product:
Firefox
Component:
Enterprise Policies
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
85 Branch
Tracking Flags:
Tracking Status
firefox-esr78 --- fixed
firefox62 --- wontfix
firefox84 --- fixed
firefox85 --- fixed

People

(Reporter: Felipe, Assigned: mkaply)

References

Details

Attachments

(1 file)

Bug 1465847 - If a website is blocked via policy, block view source. r?emalysz!
47 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-beta+
jcristau
: approval-mozilla-esr78+
Details | Review
+++ This bug was initially created as a clone of Bug #1429178 +++ As reported in bug 1429178 comment 27, right-clicking on the Blocked Page when the WebsiteFilter policy is in use will still allow the view source protocol from downloading the page and displaying its source
Priority: P1 → P3
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/d1c5493f3915 If a website is blocked via policy, block view source. r=emalysz
Backout by btara@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/0f49306f697f Backed out changeset d1c5493f3915 for causing leaks CLOSED TREE

I'm still looking at how to resolve this.

Depends on: 1450309
Flags: needinfo?(mozilla)
See Also: → 1678413
Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/0c472d4d9215 If a website is blocked via policy, block view source. r=emalysz

https://hg.mozilla.org/mozilla-central/rev/0c472d4d9215

Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox85: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 85 Branch

Comment on attachment 9183020 [details]
Bug 1465847 - If a website is blocked via policy, block view source. r?emalysz!

Beta/Release Uplift Approval Request

  • User impact if declined: Even though URLs and files are blocked, users can still view-source those URLs.
  • Is this code covered by automated tests?: No
  • Has the fix been verified in Nightly?: No
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Policy only, only affects if view source is active.
  • String changes made/needed:

ESR Uplift Approval Request

  • If this is not a sec:{high,crit} bug, please state case for ESR consideration: Fixes a small hole in our file blocking. I apologize for not getting this into the last release. The test was causing a leak which we are investigating separately (it was unrelated to this fix). Very low risk.
  • User impact if declined: Even though URLs and files are blocked, users can still view-source those URLs.
  • Fix Landed on Version: 85
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Policy only, only affects if view source is active.
  • String or UUID changes made by this patch:
Attachment #9183020 - Flags: approval-mozilla-esr78?
Attachment #9183020 - Flags: approval-mozilla-beta?

Comment on attachment 9183020 [details]
Bug 1465847 - If a website is blocked via policy, block view source. r?emalysz!

Approved for 84.0b4.

Attachment #9183020 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Regressions: 1678413
See Also: 1678413

Comment on attachment 9183020 [details]
Bug 1465847 - If a website is blocked via policy, block view source. r?emalysz!

approved for 78.6esr

Attachment #9183020 - Flags: approval-mozilla-esr78? → approval-mozilla-esr78+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: