Open
Bug 1641189
Opened 5 years ago
Updated 8 months ago
[meta] enable all systemprincipal restrictions by default
Categories
(Core :: DOM: Security, task, P3)
Core
DOM: Security
Tracking
()
ASSIGNED
People
(Reporter: freddy, Assigned: freddy)
References
(Depends on 5 open bugs)
Details
(Keywords: meta, Whiteboard: [domsecurity-meta])
No description provided.
Assignee | ||
Updated•5 years ago
|
Keywords: meta
Summary: enable systemprincipal restrictions by default (flip the pref security.cancel_non_local_systemprincipal to true) → [meta] enable systemprincipal restrictions by default (flip the pref security.cancel_non_local_systemprincipal to true)
Updated•5 years ago
|
Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-meta]
Updated•5 years ago
|
Status: NEW → ASSIGNED
Assignee | ||
Updated•3 years ago
|
Comment 1•1 year ago
|
||
What's the status of this bug? I can't find this pref in searchfox, and some of these restrictions appear to be unconditionally enabled. Should this bug be closed?
Flags: needinfo?(fbraun)
Assignee | ||
Comment 2•8 months ago
|
||
I think we've moved away from a global flag and introduced restrictions bit by bit under https://bugzilla.mozilla.org/show_bug.cgi?id=1725112. I don't think we disallow all, so there's more that we could be restricting. It's been a bit of an uphill battle to find out what we can easily disallow and rewrite, given that we got mostly nothing on try but lots of violation through telemetry.
Flags: needinfo?(fbraun)
Summary: [meta] enable systemprincipal restrictions by default (flip the pref security.cancel_non_local_systemprincipal to true) → [meta] enable all systemprincipal restrictions by default
You need to log in
before you can comment on or make changes to this bug.
Description
•