CSP errors on about:sessionrestore
Categories
(Core :: DOM: Security, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox-esr60 | --- | unaffected |
| firefox-esr68 | --- | unaffected |
| firefox68 | --- | unaffected |
| firefox69 | --- | unaffected |
| firefox70 | --- | fixed |
People
(Reporter: Gijs, Assigned: sstreich)
References
(Regression)
Details
(Keywords: regression)
Attachments
(1 file)
There are 2 instances of CSP errors when loading an about:sessionrestore instance that has session data. I'm not sure what's triggering them, the devtools console only tells you it's from about:sessionrestore, which is no use. Unfortunately bug 1575620 makes it tricky to repeatedly reproduce, but Christoph, any chance you can investigate when you're back?
|
Reporter | |
Updated•5 years ago
|
|
Assignee | |
Comment 1•5 years ago
|
||
With the CSP in about:sessionrestore [1] we disallow any inline Script/Style yet we're trying to add some inline z-index in the <xul:treeview>
As the inline style was added in the same patch as the csp, (and also got blocked since then) i guess we can just remove it?
[1] https://searchfox.org/mozilla-central/source/browser/components/sessionstore/content/aboutSessionRestore.xhtml#14
[2] https://searchfox.org/mozilla-central/source/toolkit/content/widgets/tree.js#603
|
|
Assignee | |
Comment 2•5 years ago
|
||
|
|
Assignee | |
Updated•5 years ago
|
Pushed by gijskruitbosch@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/1fd9a3f8f130
Remove inline Style that causes CSP Violations r=Gijs
|
||
Comment 4•5 years ago
|
||
| bugherder | ||
|
||
Updated•5 years ago
|
|
||
Updated•2 years ago
|
Description
•