1497190 - Apply Meta CSP to about:cache-entry

Status: RESOLVED FIXED

(Core :: DOM: Security, enhancement, P3)

Comment 1

[Christoph Kerschbaumer [:ckerschb]]

Attachment: bug_1497190_csp_about_cache-entry.patch

Comment 2

[:Gijs (he/him)]

FWIW, why this page has privileges at all is beyond me. Can we downgrade it if it isn't already?

Comment 3

[Christoph Kerschbaumer [:ckerschb]]

(In reply to :Gijs (he/him) from comment #2)
> FWIW, why this page has privileges at all is beyond me. Can we downgrade it
> if it isn't already?

FWIW, I am gathering a list of pages that we can downgrade - this is one of them. I am in the process of having an intern work on this all of next summer.

Comment 4

[BugBot [:suhaib / :marco/ :calixte]]

There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:ckerschb, could you have a look please?

Comment 5

[Christoph Kerschbaumer [:ckerschb]]

Before we can apply CSP to system privileged about pages we have to fix Bug 965637, in which we move the CSP from the Principal into the Client. Please note that the Meta Bug 1492063 for applying CSP to system privileged about: pages is blocked by 965637. At the moment we are fixing the last remaining blockers and as soon as we have landed Bug 965637 I'll try to land all the dependencies of Bug 1492063 so we end up having all about: pages secured by a CSP.

Comment 6

[Christoph Kerschbaumer [:ckerschb]]

Attachment: Bug 1497190: Apply Meta CSP to about:cache-entry. r=gijs

Comment 7

[Pulsebot]

Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/autoland/rev/d617ec46f157
Apply Meta CSP to about:cache-entry.

Comment 8

[Narcis Beleuzu [:NarcisB]]

https://hg.mozilla.org/mozilla-central/rev/d617ec46f157