Duplicate browser_data_load_inherit_csp.js and use upgrade-insecure-requests

RESOLVED FIXED in Firefox 68

Status

()

task
P1
normal
RESOLVED FIXED
3 months ago
3 months ago

People

(Reporter: ckerschb, Assigned: ckerschb)

Tracking

unspecified
mozilla68
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox68 fixed)

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 attachment, 1 obsolete attachment)

After Bug 965637 the CSP will not hang off the Principal anymore, hence checking the resulting CSP using

let principal = channel.loadInfo.triggeringPrincipal;
let cspJSON = principal.cspJSON;

will not work anymore. Since this is the CSP for a new top-level load, we can easily rewrite the test and actually check that the scheme is updated from http to https.

Assignee

Updated

3 months ago
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Type: defect → task
Priority: -- → P1
Whiteboard: [domsecurity-active]
Assignee

Updated

3 months ago
Summary: Update browser_data_load_inherit_csp.js to use upgrade-insecure-requests → Duplicate browser_data_load_inherit_csp.js and use upgrade-insecure-requests
Attachment #9056668 - Attachment is obsolete: true

Comment 3

3 months ago
Pushed by mozilla@christophkerschbaumer.com:
https://hg.mozilla.org/integration/autoland/rev/1fe827432de4
Duplicate browser_data_load_inherit_csp.js and use upgrade-insecure-requests. r=Gijs

Comment 4

3 months ago
bugherder
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
You need to log in before you can comment on or make changes to this bug.