Open Bug 1607403 Opened 6 years ago Updated 3 years ago

Reshuffle secure context prefs

Categories

(Core :: DOM: Security, enhancement, P3)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

People

(Reporter: jkt, Unassigned)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(1 file)

Bug 1607403 - WIP pref cleanup
47 bytes, text/x-phabricator-request
Details | Review

I would like this bug to clean up:
dom.securecontext.whitelist
dom.securecontext.whitelist_onions

  • Renaming whitelist to allowlist as it is more culturally accepting.
  • Migrate data from prefs
  • Making dom.securecontext.allowlist static as we don't need changes to be instant and the code is paying the cost.
  • Remove security.mixed_content.block_active_content and security.mixed_content.block_display_content as they are covered already by the allowlist last time we checked there was a high adoption of these prefs and it's a pretty big footgun.
  • Make security.mixed_content.block_object_subrequest and security.mixed_content.upgrade_display_content static as they won't change often either

Oddly static string prefs don't seem to compile at the moment.

Type: task → enhancement
Priority: -- → P2
Whiteboard: [domsecurity-active]

After let-localhost-be-localhost bug we should also consider "network.proxy.allow_hijacking_localhost" to be renamed to something relating to "unsafe" or "insecure" also.

The bug assignee didn't login in Bugzilla in the last 7 months.
:ckerschb, could you have a look please?
For more information, please visit auto_nag documentation.

Assignee: jonathan → nobody
Status: ASSIGNED → NEW
Flags: needinfo?(ckerschb)

This would be nice, but backlog is fine for now.

Flags: needinfo?(ckerschb)
Priority: P2 → P3
Whiteboard: [domsecurity-active] → [domsecurity-backlog1]
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: