Closed
Bug 1584991
(fission-dom-security)
Opened 5 years ago
Closed 2 years ago
[meta] Fission and DOM:Security
Categories
(Core :: DOM: Security, task)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
Fission Milestone | Future |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
(Depends on 1 open bug, Blocks 1 open bug)
Details
(Keywords: meta, Whiteboard: [domsecurity-meta])
It seems that fission breaks a variety of content security features. At least:
- mixed content blocking
- upgrade-insecure-requests
- same-site cookies
- CSP frame-ancestors
- X-frame-options
- ...
Assignee | ||
Updated•5 years ago
|
Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Type: defect → task
Assignee | ||
Updated•5 years ago
|
Alias: fission-dom-security
Updated•5 years ago
|
Blocks: fission-mochitests
Assignee | ||
Comment 1•5 years ago
|
||
Overall, we should check all appearances of 'docSheel' within dom/security. Good things to query for:
- GetDocShell()
- nsIDocShell
- GetInProcessSameTypeRootTreeItem()
All these need to be evaluated at least.
Updated•5 years ago
|
Updated•5 years ago
|
Fission Milestone: --- → M4.1
Comment 3•4 years ago
|
||
Moving this meta bug to Fission milestone M6c as a reminder to make sure there are no open DOM Security issues before we enable Fission in Nightly.
Fission Milestone: M6 → M6c
Updated•4 years ago
|
Fission Milestone: M6c → Future
Assignee | ||
Updated•2 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•