Document-Loads blocked by XCTO nosniff are not logged in the Console
Categories
(Core :: DOM: Security, enhancement, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox70 | --- | fixed |
People
(Reporter: sstreich, Assigned: sstreich)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
Steps to reproduce:
- Load some html in an iframe with
- MIME-TYPE /
- XTCO-Nosniff
example on https://xtco-nosniff.glitch.me/
Firefox (if document nosniff is enabled ) will just prompt a download. Usually when we block js/css because of nosniff there is a console error indicating this. For document level loads there isn't.
|
||
Comment 1•6 years ago
|
||
That we should fix within this cycle since XCTO nosniff is prefed on by default.
|
|
||
Comment 2•6 years ago
|
||
Please note that we already have similar errors - maybe we can even reuse the same error, see:
https://searchfox.org/mozilla-central/rev/e62c920f7f6463239c6634113f8a8351e263b936/dom/locales/en-US/chrome/security/security.properties#85
|
||
Updated•6 years ago
|
|
Assignee | |
Comment 3•6 years ago
|
||
Depends on D41504
|
||
Comment 4•6 years ago
|
||
I tried to land this patch but got error:
We're sorry, Autoland could not rebase your commits for you automatically. Please manually rebase your commits and try again. applying /tmp/tmpQYbX1M netwerk/protocol/http/nsHttpChannel.cpp Hunk #1 succeeded at 1448 with fuzz 1 (offset 2 lines). netwerk/base/nsNetUtil.cpp Hunk #2 FAILED at 2893. 1 out of 2 hunks FAILED -- saving rejects to file netwerk/base/nsNetUtil.cpp.rej abort: patch command failed: exited with status 256
|
|
Assignee | |
Comment 5•6 years ago
|
||
Hey! Sorry about that, rebased and updated the revision :)
Pushed by rmaries@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/15846b81170a
Add a Console Message for XTCO-Nosniff r=ckerschb
|
|
||
Comment 7•6 years ago
|
||
| bugherder | ||
Description
•