Closed Bug 1581611 Opened 2 years ago Closed 2 years ago

Support the content_scripts value in the content_security_policy dictionary

Tracking

(firefox72 fixed)

Status:

RESOLVED FIXED

Milestone:

mozilla72

Tracking Flags:

Tracking

Status

firefox72

---

fixed

People

(Reporter: mixedpuppy, Assigned: mixedpuppy)

References

(Blocks 2 open bugs)

Details

Attachments

(2 files)

Bug 1581611 Part 1: add content_scripts to the extension content_security_policy 2 years ago Shane Caraveo (:mixedpuppy) 47 bytes, text/x-phabricator-request		Details \| Review
Bug 1581611 Part 2: apply content script csp 2 years ago Shane Caraveo (:mixedpuppy) 47 bytes, text/x-phabricator-request		Details \| Review

Shane Caraveo (:mixedpuppy)

Assignee

Description

•

2 years ago

The "content_scripts" allows extensions to define a default csp for content scripts.

Shane Caraveo (:mixedpuppy)

Assignee

Comment 1

•

2 years ago

Attached file Bug 1581611 Part 1: add content_scripts to the extension content_security_policy — Details

This WIP patch adds support for including content_scripts CSP in the extensions
manifest, along with all interfaces necessary to access the CSP value. This does not
implement actual use of the CSP for content scripts.

Shane Caraveo (:mixedpuppy)

Assignee

Updated

•

2 years ago

Priority: -- → P2

Shane Caraveo (:mixedpuppy)

Assignee

Comment 2

•

2 years ago

•

2 years ago

https://treeherder.mozilla.org/#/jobs?repo=try&revision=fe275de6b514d38ef140e2ed1aaf04b9e9d09c2d

Pulsebot

Comment 5

•

2 years ago

Pushed by scaraveo@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a56f917583a6
Part 1: add content_scripts to the extension content_security_policy r=rpl,bzbarsky
https://hg.mozilla.org/integration/autoland/rev/53390b20df64
Part 2: apply content script csp r=robwu,ckerschb

Bogdan Tara[:bogdan_tara | bogdant]

Comment 6

•

2 years ago

bugherder

https://hg.mozilla.org/mozilla-central/rev/a56f917583a6
https://hg.mozilla.org/mozilla-central/rev/53390b20df64

Status: NEW → RESOLVED

Closed: 2 years ago

status-firefox72: --- → fixed

Resolution: --- → FIXED

Target Milestone: --- → mozilla72

Release mgmt bot [:sylvestre / :calixte / :marco for bugbug]

Updated

•

2 years ago

Assignee: nobody → mixedpuppy

Miruna Curtean

Comment 7

•

2 years ago

Hello,

Will this fix require manual validation? If yes, please provide some steps to reproduce in order to correctly test it and also, please set the "qe-verify+" flag. Otherwise, could the "qe-verify-" flag be added? Thanks!

Flags: needinfo?(mixedpuppy)

Shane Caraveo (:mixedpuppy)

Assignee

Comment 8

•

2 years ago

There are tests

Flags: needinfo?(mixedpuppy) → qe-verify-

Nihanth Subramanya [:nhnt11]

Updated

•

2 years ago

Depends on: 1600390

Shane Caraveo (:mixedpuppy)

Assignee

Updated

•

2 years ago

Duplicate of this bug: 1355213

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Support the content_scripts value in the content_security_policy dictionary

Categories

(WebExtensions :: General, enhancement, P2)

Tracking

(firefox72 fixed)

People

(Reporter: mixedpuppy, Assigned: mixedpuppy)

References

(Blocks 2 open bugs)

Details

Crash Data

Security

(public)

User Story

Attachments

(2 files)

Description

Comment 1

Updated

Comment 2

Updated

Updated

Updated

Updated

Comment 3

Comment 4

Comment 5

Comment 6

Updated

Comment 7

Comment 8

Updated

Updated