Closed
Bug 1476280
Opened 6 years ago
Closed 6 years ago
SecurityPolicyViolationEvent.blockedURI should contain the original URL in case of redirects
Categories
(Core :: DOM: Security, enhancement)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla63
Tracking | Status | |
---|---|---|
firefox63 | --- | fixed |
People
(Reporter: baku, Assigned: baku)
References
Details
(Whiteboard: [domsecurity-backlog1] [domsecurity-active][wptsync upstream])
Attachments
(2 files)
22.60 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
7.03 KB,
patch
|
ckerschb
:
review+
|
Details | Diff | Splinter Review |
We current report the final URL. This doesn't follow the CSP3 spec.
Assignee | ||
Updated•6 years ago
|
Whiteboard: [domsecurity-backlog1] [domsecurity-active]
Assignee | ||
Updated•6 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•6 years ago
|
||
Attachment #8992632 -
Flags: review?(ckerschb)
Assignee | ||
Comment 2•6 years ago
|
||
Attachment #8992634 -
Flags: review?(ckerschb)
Comment 3•6 years ago
|
||
Comment on attachment 8992634 [details] [diff] [review]
part 2 - no cache
Review of attachment 8992634 [details] [diff] [review]:
-----------------------------------------------------------------
r+ on that cache removal which has become outdated for quite some time now and doesn't really buy us anything. thanks!
Attachment #8992634 -
Flags: review?(ckerschb) → review+
Comment 4•6 years ago
|
||
Comment on attachment 8992632 [details] [diff] [review]
part 1 - redirect
Review of attachment 8992632 [details] [diff] [review]:
-----------------------------------------------------------------
please incorporate my nit and r=me
::: dom/security/nsCSPContext.cpp
@@ +95,5 @@
> +BlockedContentSourceToString(nsCSPContext::BlockedContentSource aSource,
> + nsACString& aString)
> +{
> + switch (aSource) {
> + case nsCSPContext::BlockedContentSource::eUnknown:
I think it would be better to move eUnkown to the bottom with a fall through to default: to make sure in case someone extends the enum but does not update that code correctly, it fails/truncates by default.
Attachment #8992632 -
Flags: review?(ckerschb) → review+
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/11e3d3bd2328
SecurityPolicyViolationEvent.blockedURI should contain the original URL in case of redirects, r=ckerschb
Assignee | ||
Comment 6•6 years ago
|
||
The cache patch is going to land in a separate bug. See bug 1476592
Blocks: 1476592
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/12062 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-backlog1] [domsecurity-active] → [domsecurity-backlog1] [domsecurity-active][wptsync upstream]
Comment 8•6 years ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Upstream PR merged
You need to log in
before you can comment on or make changes to this bug.
Description
•