Open Bug 1787155 Opened 3 years ago Updated 2 years ago

[meta] Support modification of security-related headers in MV3

Tracking

(Not tracked)

Status:

NEW

People

(Reporter: robwu, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: meta)

Rob Wu [:robwu]

Reporter

Description

•

3 years ago

We are restricting the ability to modify security-sensitive HTTP headers by extensions (bug 1785821 and bug 1786919), to prevent extensions from downgrading the security of the websites that a user is visiting. This restriction affects extensions that need to modify security headers to function, so this bug exists to track use cases and improvements to support these extensions.

Rob Wu [:robwu]

Reporter

Updated

•

3 years ago

Depends on: 1787179

Luca Greco [:rpl] [:luca] [:lgreco]

Updated

•

3 years ago

Severity: -- → N/A

Keywords: meta

Priority: -- → P3

Summary: Support modification of security-related headers in MV3 → [meta] Support modification of security-related headers in MV3

sdaniele3

Comment 1

•

2 years ago

I'd like the ability to strip out reporting from these headers. Or for Bug 1409714 / Bug 1588957 to be implemented. 1409714 is probably easier.

You need to log in before you can comment on or make changes to this bug.

Bugzilla

[meta] Support modification of security-related headers in MV3

Categories

(WebExtensions :: Request Handling, enhancement, P3)

Tracking

(Not tracked)

People

(Reporter: robwu, Unassigned)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

(Keywords: meta)

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 1