Closed Bug 1600174 Opened 10 months ago Closed 10 months ago

No longer open Mail Compose Window of ProtonMail

Categories

(Core :: DOM: Security, defect, P1)

72 Branch
Desktop
Windows 10
defect

Tracking

()

RESOLVED FIXED
mozilla72
Tracking Status
firefox-esr68 --- unaffected
firefox70 --- unaffected
firefox71 --- unaffected
firefox72 --- fixed

People

(Reporter: alice0775, Assigned: ckerschb)

References

(Regression)

Details

(Keywords: nightly-community, regression, Whiteboard: [domsecurity-active])

Attachments

(1 file)

Reproducible: always

Steps To Reproduce:

  1. Log in https://mail.protonmail.com/login
  2. Click [COMPOSE] button at the top-left

Actual Results:
Mail Compose Window would not open

Error in Web Condole:
Content Security Policy: Directive ‘child-src’ has been deprecated. Please use directive ‘worker-src’ to control workers, or directive ‘frame-src’ to control frames respectively. 2
Content Security Policy: Ignoring ‘x-frame-options’ because of ‘frame-ancestors’ directive.

Expected Results:
Mail Compose Window should open

Regression window:
https://hg.mozilla.org/integration/autoland/pushloghtml?fromchange=3bd3398c2f0c4a7853dec584457f4b71773718db&tochange=432a6d44236d2f6f5efd083fd14e0a1a0a34aa9e

I'll take a look.

Assignee: nobody → ckerschb
Status: NEW → ASSIGNED
Priority: -- → P1
Whiteboard: [domsecurity-active]
See Also: → 1600310

FWIW, I filed Bug 1600310 so we get test coverage for that scenario.

Pushed by dvarga@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/03e1c2a170f0
Only enfore CSP frame-ancestors check if the load comes from an actual http channel in content. r=smaug
Status: ASSIGNED → RESOLVED
Closed: 10 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla72
You need to log in before you can comment on or make changes to this bug.