Closed Bug 1571415 Opened 4 months ago Closed 3 months ago

Document-Loads blocked by XCTO nosniff are not logged in the Console

Categories: Core :: DOM: Security, enhancement, P1

Status: RESOLVED FIXED (mozilla70)
Tracking Status: firefox70 --- fixed

People: Reporter: sstreich, Assigned: sstreich

Whiteboard: [domsecurity-active]

Attachments: 1 file

Steps to reproduce:

  • Load some HTML in an iframe with
    • MIME-TYPE /
    • XCTO-Nosniff

Example on https://xtco-nosniff.glitch.me/

Firefox (if document nosniff is enabled) will just prompt a download. Usually, when we block JS/CSS because of nosniff, there is a console error indicating this. For document-level loads there isn't.

Depends on: 1428473

We should fix that within this cycle, since XCTO nosniff is pref'ed on by default.

Assignee: nobody → streich.mobile
Priority: -- → P1
Whiteboard: [domsecurity-active]
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

I tried to land this patch but got an error:

We're sorry, Autoland could not rebase your commits for you automatically. Please manually rebase your commits and try again.
applying /tmp/tmpQYbX1M
netwerk/protocol/http/nsHttpChannel.cpp
Hunk #1 succeeded at 1448 with fuzz 1 (offset 2 lines).
netwerk/base/nsNetUtil.cpp
Hunk #2 FAILED at 2893.
1 out of 2 hunks FAILED -- saving rejects to file netwerk/base/nsNetUtil.cpp.rej
abort: patch command failed: exited with status 256

Flags: needinfo?(streich.mobile)

Hey! Sorry about that, rebased and updated the revision :)

Flags: needinfo?(streich.mobile)
Keywords: checkin-needed

Pushed by rmaries@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/15846b81170a
Add a Console Message for XTCO-Nosniff r=ckerschb

Keywords: checkin-needed
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70