Closed Bug 1526297 Opened 4 years ago Closed 4 years ago

examine content_security_policy for incognito

Categories

(WebExtensions :: General, enhancement, P1)

enhancement

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: mixedpuppy, Unassigned)

References

(Blocks 1 open bug)

Details

Since a CSP in the manifest is documented that it can loosen CSP, we should verify whether a not-allowed extension can modify CSP on private browsing.

@kmag probably knows this area best.

How CSP works is an area I'm not familiar with. The only place I see it being applied (or potentially used) is either in a content script from the extension or in Document.cpp, being applied to a document from the extension.

Flags: needinfo?(kmaglione+bmo)
Priority: -- → P1

After looking into it and getting a comment from robwu, nothing to see here.

Status: NEW → RESOLVED
Closed: 4 years ago
Flags: needinfo?(kmaglione+bmo)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.