Closed
Bug 1491825
Opened 6 years ago
Closed 6 years ago
implement MOZ_LOG for content security checks (log topic "CSMLog")
Categories
(Core :: DOM: Security, enhancement, P2)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla64
| Tracking | Status | |
|---|---|---|
| firefox64 | --- | fixed |
People
(Reporter: freddy, Assigned: freddy)
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
The goal of this bug is to allow easier debugging of content security checks, by adding lots of MOZ_LOG calls to `nsContentSecurityManager::doContentSecurityCheck`. I've started off with a patch from ckerschb, that shows numerous information. Namely: - channel URI - loadingPrincipal - triggeringPrincipal - principal to be inherited - various load flags from loadinfo One might also consider adding a toString() for the loadinfo, instead of getting flags individually, but I'll submit a patch to discuss before diving much deeper. The first patch prints for httpchannels only with log level 4 (debug), but includes all other channels with a log level 5 (verbose).
|
Assignee | |
Comment 1•6 years ago
|
||
This patch adds a new log module 'CSMLog' for checks in nsContentSecurityManager::doContentSecurityCheck. With log level 4 (debug) only HTTP URLs will be logged. Level 5 (verbose) logs for all loads. The logger shows the following information: - channel URI - loadingPrincipal - triggeringPrincipal - principal to be inherited - load flags from loadinfo
|
||
Updated•6 years ago
|
Priority: -- → P2
Whiteboard: [domsecurity-active]
|
||
Comment 2•6 years ago
|
||
Comment on attachment 9009867 [details] Bug 1491825: add MOZ_LOG for content security checks Jonathan Kingston [:jkt] has approved the revision.
Attachment #9009867 -
Flags: review+
|
|
||
Comment 3•6 years ago
|
||
Comment on attachment 9009867 [details] Bug 1491825: add MOZ_LOG for content security checks Christoph Kerschbaumer [:ckerschb] has approved the revision.
Attachment #9009867 -
Flags: review+
|
|
Assignee | |
Updated•6 years ago
|
Keywords: checkin-needed
Pushed by apavel@mozilla.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/bec29f2634a5 add MOZ_LOG for content security checks r=ckerschb
Keywords: checkin-needed
|
||
Comment 5•6 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/bec29f2634a5
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox64:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla64
|
|
Assignee | |
Updated•6 years ago
|
Keywords: dev-doc-needed
|
||
Comment 6•6 years ago
|
||
Just to check, what web developer-facing features does this add, that need to be documented on MDN? Thanks!
Flags: needinfo?(fbraun)
|
|
Assignee | |
Comment 7•6 years ago
|
||
The documentation that needs updating with this bug would be <https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/Gecko_Logging>, but that isn't targeting web developers, mostly. Is dev-doc-needed only for documentation targeting web developers?
Flags: needinfo?(fbraun)
|
|
||
Comment 8•6 years ago
|
||
(In reply to Frederik Braun [:freddyb] from comment #7) > The documentation that needs updating with this bug would be > <https://developer.mozilla.org/en-US/docs/Mozilla/Developer_guide/ > Gecko_Logging>, but that isn't targeting web developers, mostly. > Is dev-doc-needed only for documentation targeting web developers? These days, the focus of the MDN team is basically just web platform documentation; we don't tend to do platform stuff any more as we just don't have the capacity. I can help out on small updates, if you let me know what needs adding, or I'd also be happy to review additions made by engineering.
|
|
Assignee | |
Comment 9•6 years ago
|
||
Thanks for the clarification, Chris! I'm removing the flag.
Keywords: dev-doc-needed
You need to log in
before you can comment on or make changes to this bug.
Description
•