Disable Pref respect_document_nosniff for Firefox 71
Categories
(Core :: DOM: Security, task, P1)
Tracking
()
People
(Reporter: sstreich, Assigned: sstreich)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
RyanVM
:
approval-mozilla-beta+
|
Details | Review |
Firefox 71 was supposed to support X-Content-Type-Options Nosniff for Document Loads by default. The 71 Nightly cycle we noticed some major breakage with a few sites (e.g. Bug 1582671 ) which was caused because of our implementation being to strict.
Currently we have agreed to soften our implementation and observe potential breakage in Bug 1591932, which would ship in 72.
So there is no use in the strict implementation to be enabled for ff 71.
Assignee | ||
Updated•5 years ago
|
Assignee | ||
Comment 1•5 years ago
|
||
Updated•5 years ago
|
Pushed by apavel@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/e66da643d9bc Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb
Comment 3•5 years ago
|
||
bugherder |
Assignee | ||
Comment 4•5 years ago
|
||
Comment on attachment 9105281 [details]
Bug 1592651 Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb
Beta/Release Uplift Approval Request
- User impact if declined: Currently on beta Pages with
Content-Type: "none"/ "*"
andX-Content-Type-Options: Nosniff
are broken. This Patch disables the No-sniff Code which is responsible. - Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Low as we're just flipping the pref to disable nosniff, as we did in ff 70.
- String changes made/needed:
Updated•5 years ago
|
Comment 5•5 years ago
|
||
Comment on attachment 9105281 [details]
Bug 1592651 Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb
Disables a feature which isn't ready to ship yet in 71. Approved for 71.0b7.
Comment 6•5 years ago
|
||
bugherder uplift |
Comment 7•5 years ago
|
||
Updated the site compatibility note.
Comment 8•5 years ago
|
||
bugherder landing |
Description
•