Closed Bug 1576206 Opened 4 months ago Closed 3 months ago

CSP errors on about:sessionrestore

Categories

(Core :: DOM: Security, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla70
Tracking Status
firefox-esr60 --- unaffected
firefox-esr68 --- unaffected
firefox68 --- unaffected
firefox69 --- unaffected
firefox70 --- fixed

People

(Reporter: Gijs, Assigned: sstreich)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file)

There are 2 instances of CSP errors when loading an about:sessionrestore instance that has session data. I'm not sure what's triggering them, the devtools console only tells you it's from about:sessionrestore, which is no use. Unfortunately bug 1575620 makes it tricky to repeatedly reproduce, but Christoph, any chance you can investigate when you're back?

No longer blocks: 1497209
Regressed by: 1497209

With the CSP in about:sessionrestore [1] we disallow any inline Script/Style yet we're trying to add some inline z-index in the <xul:treeview>
As the inline style was added in the same patch as the csp, (and also got blocked since then) i guess we can just remove it?

[1] https://searchfox.org/mozilla-central/source/browser/components/sessionstore/content/aboutSessionRestore.xhtml#14
[2] https://searchfox.org/mozilla-central/source/toolkit/content/widgets/tree.js#603

Assignee: nobody → sstreich
Keywords: checkin-needed

Pushed by gijskruitbosch@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/1fd9a3f8f130
Remove inline Style that causes CSP Violations r=Gijs

Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70
You need to log in before you can comment on or make changes to this bug.