Open Bug 1901492 Opened 3 months ago Updated 13 days ago

Add CSP support for Trusted Types for Workers

Categories

(Core :: DOM: Security, task)

Product:

Component:

Type:

task

Priority:

Not set

Severity:

N/A

Tracking

()

Status:

NEW

People

(Reporter: mbrodesser-Igalia, Unassigned)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [domsecurity-backlog])

Mirko Brodesser (:mbrodesser-Igalia)

Reporter

Description

•

3 months ago

•

The Worker's method to obtain the connected CSP currently has to be called from the main thread: https://searchfox.org/mozilla-central/rev/cc01f11adfacca9cd44a75fd140d2fdd8f9a48d4/dom/workers/WorkerPrivate.h#908-909.

Hence Trusted types code running in a Worker thread can't directly call that method.

There's a thread-safe alternative (https://searchfox.org/mozilla-central/rev/cc01f11adfacca9cd44a75fd140d2fdd8f9a48d4/dom/workers/WorkerPrivate.h#9210) which might be usable with some extensions.

A sketch for some of the work: https://phabricator.services.mozilla.com/D210435 and a summary of a discussion around it (https://phabricator.services.mozilla.com/D210435#7223565).

Daniel Veditz [:dveditz]

Updated

•

3 months ago

Severity: -- → N/A

Whiteboard: [domsecurity-backlog]

Mirko Brodesser (:mbrodesser-Igalia)

Reporter

Updated

•

13 days ago

Blocks: 1916956

You need to log in before you can comment on or make changes to this bug.