Closed Bug 1564485 Opened 5 years ago Closed 5 years ago

Disallow http(s) resources from being loaded in non-content processes

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1560178

People

(Reporter: tjr, Assigned: tjr)

References

Details

(Whiteboard: [domsecurity-active])

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Assignee

Description

•

5 years ago

In Bug 1513445 we applied the restriction to disallow http(s) resources from being loaded as System Principal. This bug aims to go further: to disallow them from being loaded at all. We'll need to develop an allowlist for things to go through of course.

Christoph Kerschbaumer [:ckerschb]

Updated

•

5 years ago

Status: NEW → ASSIGNED

Priority: -- → P2

Whiteboard: [domsecurity-active]

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Assignee

Updated

•

5 years ago

Depends on: 1305331

:Gijs (he/him)

Comment 1

•

5 years ago

Note that a bunch of this is happening in bug 1560178. There's more we can do, but it's worth looking at that before diving in here, I expect.

Flags: needinfo?(tom)

Tom Ritter [:tjr] (OOTO until 4/30 at least)

Assignee

Updated

•

5 years ago

Status: ASSIGNED → RESOLVED

Closed: 5 years ago

Flags: needinfo?(tom)

Resolution: --- → DUPLICATE

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

Disallow http(s) resources from being loaded in non-content processes

Categories

(Core :: DOM: Security, enhancement, P2)

Tracking

()

People

(Reporter: tjr, Assigned: tjr)

References

Details

(Whiteboard: [domsecurity-active])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 1

Updated