Open Bug 1572226 Opened 5 years ago Updated 11 months ago

Implement custom policies for experimental protocol API


(WebExtensions :: Experiments, enhancement, P3)



(Not tracked)


(Reporter: irakli, Unassigned)


(Blocks 1 open bug, )


In the current phase of experiment it seems best to keep protocols isolated from http / https & possibly each other. Which as per conversation with :bz requires implementing custom policies:

1:13 PM Irakli Gozalishvili bz: btw that combination of flags also allows loading embedding http content is it possible to prevent that ?
1:13 PM B<•bz> You want your protocol to not be able to load http:?
1:15 PM G Irakli Gozalishvili bz: I don’t want to disallow links to http but I do not want to allow embedding images or other things that would touch network
1:15 PM or at least have some way to control that
1:15 PM B<•bz> Use CSP?
1:16 PM G Irakli Gozalishvili bz: You mean through headers ?
1:16 PM B<•bz> or
1:16 PM or some other mechanism, if we have something else...
1:17 PM G Irakli Gozalishvili bz: It needs to be default, not opt-in, and headers isn’t viable as far as I can tell as channel from custom protocol isn’t nsIHTTPChannel
1:18 PM G Irakli Gozalishvili I think if scheme isn’t http(s) channel is never queried to nsIHttpChannel
1:18 PM <•bz> might need backend work...
1:18 PM You could also implement a content policy, of course
1:18 PM to get the same effect
1:19 PM G Irakli Gozalishvili bz: can you provide more context or pointers, I’m not sure how would I do that
1:19 PM referring to implementing content policy
1:19 PM B<•bz>
1:20 PM may have some examples of how to hook it up
1:20 PM Then you get notified when loads happen
1:20 PM and can decide whether to allow or not
1:20 PM B<•bz> based on what's being loaded and by whom and so forth

Priority: -- → P3
Severity: normal → S3

Daftar harga yang ditawarkan oleh rental mobil bandara soekarno hatta top terbaik 1, cukup kompetitip untuk dijangkau seluruh masyarakat.

You need to log in before you can comment on or make changes to this bug.