Coalesce CSP error reports (Thousands of requests being initiated when opening a page)
Categories
(Core :: DOM: Security, enhancement, P3)
Tracking
()
People
(Reporter: jya, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: [domsecurity-backlog3])
When you open https://webkit.googlesource.com/WebKit/+/master/Source/WebKit/ChangeLog, Firefox slows to a crawl, the UI stops responding and everything becomes extremely sluggish for over 20s on my machine.
Looking at the devtools network requests, you can see in excess of 20,000 POST HTTP requests for CSP which are being denied.
Opening the same page in Chrome loads within a couple of seconds with 10 HTTP requests total (the main one being 690kB in size).
Comment 1•4 years ago
This comes from `nsCSPContext::SendReports` scheduled from `nsCSPContext::AsyncReportViolation`. This produces an overwhelming amount of requests to https://csp.withgoogle.com/csp/gerritcodereview/1. It's triggered by setting the 'onclick' attribute on each table cell to `window.location.hash='#...` where ... is the line number.
This is not a networking bug, moving to DOM:Sec. This either needs to be limited or somehow coalesced.
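
The coalescing and limiting asked for above, sketched as an added example that is not part of this bug thread and is not Firefox's implementation. The grouping key, the `maxDistinct` cap and the `coalesced-count` field are assumptions made for illustration, and the violation reports are constructed sample data.

```javascript
// Added example (not Firefox code): coalesce CSP violation reports per batch.
// Assumption: two violations are "the same" when directive, blocked URI and
// document URI match; line number and script sample are kept from the first.
class ReportCoalescer {
  constructor(maxDistinct = 10) {
    this.maxDistinct = maxDistinct; // hypothetical cap on bodies per flush
    this.pending = new Map();       // key -> { report, count }
    this.dropped = 0;               // distinct violations beyond the cap
  }
  add(report) {
    const key = JSON.stringify([report["effective-directive"],
                                report["blocked-uri"],
                                report["document-uri"]]);
    const seen = this.pending.get(key);
    if (seen) { seen.count += 1; return; }
    if (this.pending.size >= this.maxDistinct) { this.dropped += 1; return; }
    this.pending.set(key, { report, count: 1 });
  }
  // Returns the bodies that would be POSTed; "coalesced-count" is a
  // hypothetical extension field, not part of the CSP report format.
  flush() {
    const bodies = [...this.pending.values()].map(({ report, count }) =>
      ({ "csp-report": report, "coalesced-count": count }));
    const dropped = this.dropped;
    this.pending.clear();
    this.dropped = 0;
    return { bodies, dropped };
  }
}

// Constructed input: one violation per table cell, as described in the bug,
// plus one unrelated violation so the batch holds two distinct keys.
function simulate(cells = 20000, maxDistinct = 10) {
  const doc = "https://webkit.googlesource.com/WebKit/+/master/Source/WebKit/ChangeLog";
  const c = new ReportCoalescer(maxDistinct);
  for (let line = 1; line <= cells; line++) {
    c.add({ "document-uri": doc, "effective-directive": "script-src-attr",
            "blocked-uri": "inline", "line-number": line,
            "script-sample": `window.location.hash='#${line}'` });
  }
  c.add({ "document-uri": doc, "effective-directive": "img-src",
          "blocked-uri": "https://img.example/x.png" });
  return c.flush();
}

const { bodies, dropped } = simulate();
console.log(bodies.length, bodies[0]["coalesced-count"], dropped);
```

With this grouping, the 20,000 per-cell violations collapse into one report body carrying a count, and the cap bounds how many distinct bodies a single page can queue per flush.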
Comment 2•4 years ago
The severity field is not set for this bug.
:ckerschb, could you have a look please?
For more information, please visit auto_nag documentation.