Closed
Bug 1729897
Opened 3 years ago
Closed 3 years ago
CSP Upgrade-insecure-requests is upgrading localhost websocket
Categories
(Core :: Networking: WebSockets, defect, P2)
Tracking
()
RESOLVED
FIXED
94 Branch
| Tracking | Status | |
|---|---|---|
| firefox94 | --- | fixed |
People
(Reporter: nathan.stump, Assigned: valentin)
Details
(Whiteboard: [necko-triaged])
Attachments
(2 files)
Screen Shot 2021-09-09 at 5.50.50 AM.png
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Firefox/91.0
Steps to reproduce:
- Added 'upgrade-insecure-requests' field to CSP.
- Tested web application that uses websocket protocol.
Actual results:
upgrade-insecure-requests changed all websocket requests to secure websockets
Expected results:
Upgrade-insecure-requests CSP is not expected to take action on localhost as it is considered a secure context.
|
||
Comment 1•3 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::Networking: WebSockets' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
Component: Untriaged → Networking: WebSockets
Product: Firefox → Core
|
Assignee | |
Comment 2•3 years ago
|
||
Seems like an easy enough fix.
Assignee: nobody → valentin.gosu
Severity: -- → S3
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Priority: -- → P2
Whiteboard: [necko-triaged]
|
|
Assignee | |
Comment 3•3 years ago
|
||
Pushed by valentin.gosu@gmail.com: https://hg.mozilla.org/integration/autoland/rev/25aecdb5f791 CSP Upgrade-insecure-requests is upgrading localhost websocket r=necko-reviewers,dragana
|
||
Comment 5•3 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox94:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•