Closed Bug 1581611 Opened 3 months ago Closed Last month

Support the content_scripts value in the content_security_policy dictionary

Categories

(WebExtensions :: General, enhancement, P2)

enhancement

Tracking

(firefox72 fixed)

RESOLVED FIXED
mozilla72
Tracking Status
firefox72 --- fixed

People

(Reporter: mixedpuppy, Assigned: mixedpuppy)

References

(Blocks 2 open bugs)

Details

Attachments

(2 files)

The "content_scripts" allows extensions to define a default csp for content scripts.

This WIP patch adds support for including content_scripts CSP in the extensions
manifest, along with all interfaces necessary to access the CSP value. This does not
implement actual use of the CSP for content scripts.

Priority: -- → P2
Blocks: 1587939
Blocks: 1588956
Blocks: 1588957
Pushed by scaraveo@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a56f917583a6
Part 1: add content_scripts to the extension content_security_policy r=rpl,bzbarsky
https://hg.mozilla.org/integration/autoland/rev/53390b20df64
Part 2: apply content script csp r=robwu,ckerschb
Status: NEW → RESOLVED
Closed: Last month
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
Assignee: nobody → mixedpuppy

Hello,

Will this fix require manual validation? If yes, please provide some steps to reproduce in order to correctly test it and also, please set the "qe-verify+" flag. Otherwise, could the "qe-verify-" flag be added? Thanks!

Flags: needinfo?(mixedpuppy)

There are tests

Flags: needinfo?(mixedpuppy) → qe-verify-
Depends on: 1600390
You need to log in before you can comment on or make changes to this bug.