Closed
Bug 1526297
Opened 6 years ago
Closed 6 years ago
examine content_security_policy for incognito
Categories
(WebExtensions :: General, enhancement, P1)
WebExtensions
General
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: mixedpuppy, Unassigned)
References
(Blocks 1 open bug)
Details
Since a CSP in the manifest is documented that it can loosen CSP, we should verify whether a not-allowed extension can modify CSP on private browsing.
Reporter | ||
Comment 1•6 years ago
|
||
@kmag probably knows this area best.
How CSP works is an area I'm not familiar with. The only place I see it being applied (or potentially used) is either in a content script from the extension or in Document.cpp, being applied to a document from the extension.
Flags: needinfo?(kmaglione+bmo)
Priority: -- → P1
Reporter | ||
Comment 2•6 years ago
|
||
After looking into it and getting a comment from robwu, nothing to see here.
Status: NEW → RESOLVED
Closed: 6 years ago
Flags: needinfo?(kmaglione+bmo)
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•