Closed Bug 1476280 Opened 6 years ago Closed 6 years ago

SecurityPolicyViolationEvent.blockedURI should contain the original URL in case of redirects

Categories

(Core :: DOM: Security, enhancement)


Tracking

RESOLVED FIXED
mozilla63
Tracking Status
firefox63 --- fixed

People

(Reporter: baku, Assigned: baku)

Details

(Whiteboard: [domsecurity-backlog1] [domsecurity-active][wptsync upstream])

Attachments

(2 files)

We currently report the final URL. This doesn't follow the CSP3 spec.
Whiteboard: [domsecurity-backlog1] [domsecurity-active]
Status: NEW → ASSIGNED
Attachment #8992632 - Flags: review?(ckerschb)
Attachment #8992634 - Flags: review?(ckerschb)
Comment on attachment 8992634
part 2 - no cache

Review of attachment 8992634:
-----------------------------------------------------------------

r+ on that cache removal which has become outdated for quite some time now and doesn't really buy us anything. thanks!
Attachment #8992634 - Flags: review?(ckerschb) → review+
Comment on attachment 8992632
part 1 - redirect

Review of attachment 8992632:
-----------------------------------------------------------------

please incorporate my nit and r=me

::: dom/security/nsCSPContext.cpp @@ +95,5 @@ > +BlockedContentSourceToString(nsCSPContext::BlockedContentSource aSource, > + nsACString& aString) > +{ > + switch (aSource) { > + case nsCSPContext::BlockedContentSource::eUnknown:

I think it would be better to move eUnknown to the bottom with a fall through to default: to make sure in case someone extends the enum but does not update that code correctly, it fails/truncates by default.
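Review bot: the switch in BlockedContentSourceToString writes its result into the aString out-parameter, and the quoted lines stop at the first case (eUnknown), so nothing visible here guarantees aString is assigned for every enum value. Ending the switch with eUnknown falling through to a default: arm that calls aString.Truncate() would make a value later added to BlockedContentSource yield an empty string rather than whatever the caller passed in; a one-line comment above the function stating that contract would help keep the switch and the enum in sync.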
Attachment #8992632 - Flags: review?(ckerschb) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/11e3d3bd2328
SecurityPolicyViolationEvent.blockedURI should contain the original URL in case of redirects, r=ckerschb
The cache patch is going to land in a separate bug. See bug 1476592
Blocks: 1476592
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/12062 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-backlog1] [domsecurity-active] → [domsecurity-backlog1] [domsecurity-active][wptsync upstream]
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63