Open Bug 1641189 Opened 4 years ago Updated 16 days ago

[meta] enable all systemprincipal restrictions by default

Categories

(Core :: DOM: Security, task, P3)

Product:
Core
Component:
DOM: Security
Type:
task

Tracking

()

Status:
ASSIGNED

People

(Reporter: freddy, Assigned: freddy)

References

(Depends on 5 open bugs)

Details

(Keywords: meta, Whiteboard: [domsecurity-meta])

No description provided.
Keywords: meta
Summary: enable systemprincipal restrictions by default (flip the pref security.cancel_non_local_systemprincipal to true) → [meta] enable systemprincipal restrictions by default (flip the pref security.cancel_non_local_systemprincipal to true)
Depends on: 1641190
Depends on: 1641192
Severity: -- → S3
Priority: -- → P3
Whiteboard: [domsecurity-meta]
Status: NEW → ASSIGNED
Depends on: 1639472
Depends on: 1644671
Depends on: 1651987
Depends on: 1697163
Depends on: 1699425
Blocks: 1708114
No longer blocks: 1708114
Depends on: 1708114
Depends on: 1725112
Depends on: 1732896
Depends on: 1733058
No longer depends on: 1733058

What's the status of this bug? I can't find this pref in searchfox, and some of these restrictions appear to be unconditionally enabled. Should this bug be closed?

Flags: needinfo?(fbraun)

I think we've moved away from a global flag and introduced restrictions bit by bit under https://bugzilla.mozilla.org/show_bug.cgi?id=1725112. I don't think we disallow all, so there's more that we could be restricting. It's been a bit of an uphill battle to find out what we can easily disallow and rewrite, given that we got mostly nothing on try but lots of violation through telemetry.

Flags: needinfo?(fbraun)
Summary: [meta] enable systemprincipal restrictions by default (flip the pref security.cancel_non_local_systemprincipal to true) → [meta] enable all systemprincipal restrictions by default
You need to log in before you can comment on or make changes to this bug.