Hardcode whitelist of about: pages where we can not apply a CSP
Categories
(Core :: DOM: Security, task)
Tracking
()
Tracking | Status | |
---|---|---|
firefox71 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
There are some about: pages, like about:blank or about:sync-log where we can't apply a CSP. We should hardcode that whitelist inside the assertion code and remove the pref.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
Pushed by mozilla@christophkerschbaumer.com: https://hg.mozilla.org/integration/autoland/rev/e2927c8227d9 Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt
Comment 3•5 years ago
•
|
||
Backed out changeset e2927c8227d9 (bug 1578231) for Browser-chrome failures browser/base/content/test/performance/browser_preferences_usage.js
Log:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=265119104&repo=autoland&lineNumber=1091
Push with failures:
https://treeherder.mozilla.org/#/jobs?repo=autoland&revision=e2927c8227d979c75b7dd6621beb89a81c9b3ee7
Backout:
https://hg.mozilla.org/integration/autoland/rev/5eaae974bec9e71783b6ff026308928aaaffd565
Assignee | ||
Comment 4•5 years ago
|
||
(In reply to Dorel Luca [:dluca] from comment #3)
Backed out changeset e2927c8227d9 (bug 1578231) for Browser-chrome failures browser/base/content/test/performance/browser_preferences_usage.js
Dluca and/or Aryx, looking at the logs I think it's rather unlikely that my patch caused the problem. What's your take? I am missing something?
Comment 5•5 years ago
|
||
I posted the wrong log link, sorry for that.
Here is the correct one:
https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=265119104&repo=autoland&lineNumber=1091
Comment 6•5 years ago
|
||
browser/base/content/test/performance/browser_preferences_usage.js | csp.skip_about_page_has_csp_assert should not be accessed more than 40 times. - 42 <= 40 - JS frame :: chrome://mochitests/content/browser/browser/base/content/test/performance/browser_preferences_usage.js :: checkPrefGetters :: line 42
Hope this makes the connection more obvious.
Assignee | ||
Comment 7•5 years ago
|
||
(In reply to Sebastian Hengst [:aryx] (needinfo on intermittent or backout) from comment #6)
browser/base/content/test/performance/browser_preferences_usage.js | csp.skip_about_page_has_csp_assert should not be accessed more than 40 times. - 42 <= 40 - JS frame :: chrome://mochitests/content/browser/browser/base/content/test/performance/browser_preferences_usage.js :: checkPrefGetters :: line 42
Hope this makes the connection more obvious.
Thanks - that makes more sense. This pref is only accessed in debug builds, hence I whitelisted it for the test.
Pushed by mozilla@christophkerschbaumer.com: https://hg.mozilla.org/integration/autoland/rev/eb773bc46182 Hardcode whitelist of about: pages where we can not apply a CSP. r=jkt
Comment 9•5 years ago
|
||
bugherder |
Description
•