Closed
Bug 1564485
Opened 5 years ago
Closed 5 years ago
Disallow http(s) resources from being loaded in non-content processes
Categories
(Core :: DOM: Security, enhancement, P2)
Core
DOM: Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1560178
People
(Reporter: tjr, Assigned: tjr)
References
Details
(Whiteboard: [domsecurity-active])
In Bug 1513445 we applied the restriction to disallow http(s) resources from being loaded as System Principal. This bug aims to go further: to disallow them from being loaded at all. We'll need to develop an allowlist for things to go through of course.
Updated•5 years ago
|
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]
Comment 1•5 years ago
|
||
Note that a bunch of this is happening in bug 1560178. There's more we can do, but it's worth looking at that before diving in here, I expect.
Flags: needinfo?(tom)
Assignee | ||
Updated•5 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Flags: needinfo?(tom)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•