Open
Bug 1935074
Opened 2 months ago
Updated 22 days ago
CSP is ignored for cached data
Categories
(Fenix :: PWA, defect)
Tracking
(Not tracked)
UNCONFIRMED
People
(Reporter: bugzilla, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0
Steps to reproduce:
Trying to avoid having to "Install" PWAs, to keep my browser control goodness from home screen links.
- Load a website with a manifest.json for a PWA
- Setup uBlock Origin to inject a CSP for the site: manifest-src 'none'
- Load the same website with a manifest.json for a PWA
- Load the same website with a manifest.json for a PWA in a private tab.
Actual results:
- The Firefox menu invites me to "Add app to Home screen" and the resulting link hides the browser interface.
- Same result as 1)
- The Firefox menu invites me to "Add to Home screen" and the resulting link simply opens Firefox (Yay!)
Expected results:
- Should have respected the content security policy and not loaded the manifest from cache.
I realise this is all a bit contrived, and probably annoying, but it seems to me that Firefox should not load anything against the will of the site CSP, even though the CSP has just changed.
Comment 1•2 months ago
|
||
The severity field is not set for this bug.
:boek, could you have a look please?
For more information, please visit BugBot documentation.
Flags: needinfo?(jboek)
Updated•22 days ago
|
Severity: -- → S4
Flags: needinfo?(jboek)
You need to log in
before you can comment on or make changes to this bug.
Description
•