Closed
Bug 1785871
Opened 3 years ago
Closed 3 years ago
support base64url format for CSP hash sources
Categories
(Core :: DOM: Security, task)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
106 Branch
| Tracking | Status | |
|---|---|---|
| firefox106 | --- | fixed |
People
(Reporter: dveditz, Assigned: freddy)
References
(Blocks 1 open bug)
Details
(Whiteboard: [domsecurity-active], [wptsync upstream])
Attachments
(2 files)
CSP level 3 has added support for hash sources in base64url format. In § 6.6.3.3. Does element match source list for type and source? step 5.2.5.2 says
Let expected be expression’s base64-value part, with all '-' characters replaced with '+', and all '_' characters replaced with '/'.
Note: This replacement normalizes hashes expressed in base64url encoding into base64 encoding for matching.
doing the character replacement could easily be done in the nsCPSHash constructor and everything after that should work just fine.
|
Reporter | |
Updated•3 years ago
|
See Also: → https://github.com/w3c/webappsec-csp/issues/560
|
Assignee | |
Comment 1•3 years ago
|
||
|
|
Assignee | |
Comment 2•3 years ago
|
||
Depends on D155218
|
||
Updated•3 years ago
|
Assignee: nobody → fbraun
Attachment #9290903 -
Attachment description: WIP: Bug 1785871 - CSP: normalize base64url encoded sources into normal base64 r?ckerschb → Bug 1785871 - CSP: normalize base64url encoded sources into normal base64 r?ckerschb
Status: NEW → ASSIGNED
|
|
||
Updated•3 years ago
|
Attachment #9290917 -
Attachment description: WIP: Bug 1785871 - test to wpt for base64url to base64 conversion r?ckerschb → Bug 1785871 - test to wpt for base64url to base64 conversion r?ckerschb
|
|
Assignee | |
Updated•3 years ago
|
Whiteboard: [domsecurity-active]
Pushed by fbraun@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/bbb08887b03a
CSP: normalize base64url encoded sources into normal base64 r=ckerschb,tjr
https://hg.mozilla.org/integration/autoland/rev/eafc62485890
test to wpt for base64url to base64 conversion r=ckerschb
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/35601 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-active] → [domsecurity-active], [wptsync upstream]
|
||
Comment 5•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/bbb08887b03a
https://hg.mozilla.org/mozilla-central/rev/eafc62485890
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
status-firefox106:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 106 Branch
Upstream PR merged by moz-wptsync-bot
You need to log in
before you can comment on or make changes to this bug.
Description
•