Support the content_scripts value in the content_security_policy dictionary
Categories
(WebExtensions :: General, enhancement, P2)
Tracking
(firefox72 fixed)
Tracking | Status | |
---|---|---|
firefox72 | --- | fixed |
People
(Reporter: mixedpuppy, Assigned: mixedpuppy)
References
(Blocks 2 open bugs)
Details
Attachments
(2 files)
The "content_scripts" allows extensions to define a default csp for content scripts.
Assignee | ||
Comment 1•5 years ago
|
||
This WIP patch adds support for including content_scripts CSP in the extensions
manifest, along with all interfaces necessary to access the CSP value. This does not
implement actual use of the CSP for content scripts.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 2•5 years ago
|
||
Assignee | ||
Comment 3•5 years ago
|
||
Assignee | ||
Comment 4•5 years ago
|
||
Comment 6•5 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/a56f917583a6
https://hg.mozilla.org/mozilla-central/rev/53390b20df64
Updated•5 years ago
|
Comment 7•5 years ago
|
||
Hello,
Will this fix require manual validation? If yes, please provide some steps to reproduce in order to correctly test it and also, please set the "qe-verify+" flag. Otherwise, could the "qe-verify-" flag be added? Thanks!
Comment 10•3 years ago
|
||
The content_security_policy.content_scripts
key got removed in a patch to bug 1594234, https://hg.mozilla.org/mozilla-central/rev/4baef7adb4a4576fa743792179f62794a5f6f1e0 with the following comment:
Support for content_security_policy.isolated_world (a.k.a. content_security_policy.content_scripts)
has been removed for consistency with
https://chromium.googlesource.com/chromium/src.git/+/345390adf6505881f84da2351c3e4fc1b06dac26%5E%21/
Description
•