Closed Bug 1526297 Opened 6 years ago Closed 6 years ago

examine content_security_policy for incognito

Tracking

(Not tracked)

Status:

RESOLVED INVALID

People

(Reporter: mixedpuppy, Unassigned)

References

(Blocks 1 open bug)

Details

Shane Caraveo (:mixedpuppy)

Reporter

Description

•

6 years ago

Since a CSP in the manifest is documented that it can loosen CSP, we should verify whether a not-allowed extension can modify CSP on private browsing.

Shane Caraveo (:mixedpuppy)

Reporter

Comment 1

•

6 years ago

@kmag probably knows this area best.

How CSP works is an area I'm not familiar with. The only place I see it being applied (or potentially used) is either in a content script from the extension or in Document.cpp, being applied to a document from the extension.

Flags: needinfo?(kmaglione+bmo)

Priority: -- → P1

Shane Caraveo (:mixedpuppy)

Reporter

Comment 2

•

6 years ago

After looking into it and getting a comment from robwu, nothing to see here.

Status: NEW → RESOLVED

Closed: 6 years ago

Flags: needinfo?(kmaglione+bmo)

Resolution: --- → INVALID

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

examine content_security_policy for incognito

Categories

(WebExtensions :: General, enhancement, P1)

Tracking

(Not tracked)

People

(Reporter: mixedpuppy, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2