A page's CSP base-uri affects pdf.js
Categories
(Core :: DOM: Security, defect, P1)
Tracking
()
Tracking | Status | |
---|---|---|
firefox78 | --- | fixed |
People
(Reporter: ckerschb, Assigned: ckerschb)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
Within Bug 1582115 we fixed the problem that a page's CSP script-src directive affects pdf.js. It seems a page's base-uri might also affect a pdf.js but uses a different code path within Firefox. While Bug 1582115 was uplifted to Beta, the change here requires some refactoring which is probably to worry-some to uplift that close to the end of the cycle. I rather fix the base-uri problem within this bug as a follow up to Bug 1582115
Assignee | ||
Comment 1•4 years ago
|
||
Comment 3•4 years ago
|
||
Backed out for wpt failure on form-action-src-javascript-blocked.sub.html
Backout link: https://hg.mozilla.org/integration/autoland/rev/90b6e0e32402202184bd54e196262d4d99c6f1e8
Log link: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=303601769&repo=autoland&lineNumber=1574
Assignee | ||
Comment 4•4 years ago
|
||
huh, rock solid we have that test - I'll take a look!
Updated•4 years ago
|
Comment 6•4 years ago
|
||
bugherder |
Description
•