Closed Bug 1592651 Opened 5 years ago Closed 5 years ago

Disable Pref respect_document_nosniff for Firefox 71

Categories

(Core :: DOM: Security, task, P1)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla72
Tracking Flags:
Tracking Status
firefox71 + fixed
firefox72 --- fixed

People

(Reporter: sstreich, Assigned: sstreich)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

Bug 1592651 Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb
47 bytes, text/x-phabricator-request
RyanVM
: approval-mozilla-beta+
Details | Review

Firefox 71 was supposed to support X-Content-Type-Options Nosniff for Document Loads by default. The 71 Nightly cycle we noticed some major breakage with a few sites (e.g. Bug 1582671 ) which was caused because of our implementation being to strict.
Currently we have agreed to soften our implementation and observe potential breakage in Bug 1591932, which would ship in 72.
So there is no use in the strict implementation to be enabled for ff 71.

Assignee: nobody → sstreich
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]
Pushed by apavel@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/e66da643d9bc
Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb

https://hg.mozilla.org/mozilla-central/rev/e66da643d9bc

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox72: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla72

Comment on attachment 9105281 [details]
Bug 1592651 Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb

Beta/Release Uplift Approval Request

  • User impact if declined: Currently on beta Pages with Content-Type: "none"/ "*" and X-Content-Type-Options: Nosniff
    are broken. This Patch disables the No-sniff Code which is responsible.
  • Is this code covered by automated tests?: Yes
  • Has the fix been verified in Nightly?: Yes
  • Needs manual test from QE?: No
  • If yes, steps to reproduce:
  • List of other uplifts needed: None
  • Risk to taking this patch: Low
  • Why is the change risky/not risky? (and alternatives if risky): Low as we're just flipping the pref to disable nosniff, as we did in ff 70.
  • String changes made/needed:
Attachment #9105281 - Flags: approval-mozilla-beta?
Regressions: 1592975

Comment on attachment 9105281 [details]
Bug 1592651 Disable Pref respect_document_nosniff for Firefox 71 r=ckerschb

Disables a feature which isn't ready to ship yet in 71. Approved for 71.0b7.

Attachment #9105281 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
See Also: → 1587448
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: