Open Bug 1540119 Opened 6 years ago Updated 2 years ago

Investigate if CSP and Referrer are spec-compliant within nsWindowWatcher

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Within Bug 1529893 we did some groundwork to figure out what CSP to pass within nsWindowWatcher - while that is fine for now it's not entirely clear if Firefox (or even other browsers) are spec-compliant with regards to CSP and Referrer.

Within this bug we should do the following:
(a) Take dom/security/test/csp/test_uir_windowwatcher.html and convert it into a wpt test.
(b) Write a wpt test for the referrer similar to test_uir_windowwatcher.html.
(c) Investigate other browser behavior and compare spec behavior [1], because it seems that according to the spec HTML uses the entry global object as the relevant global object, which would be A (as in test_uir_windowwatcher.html). So according to that the referrer used within nsWindowWatcher is actually correct and the CSP we use is not. If that is correct or not we need to figure out.

[1] https://html.spec.whatwg.org/#window-open-steps

Depends on: 1529893
Type: enhancement → task
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.