1946862 - Port bug 1940273: Add CSP meta tag

Status: RESOLVED FIXED

(Thunderbird :: Build Config, defect)

Comment 1

[Heather Ellsworth]

Attachment: Bug 1946862 - Port bug 1940273: Add CSP meta tag. r=aleca

Comment 2

[Intermittent Failures Robot]

Summary

35 failures in 976 pushes (0.036 failures/push) were associated with this bug yesterday.

Repository breakdown:

• comm-central: 35

Platform and build breakdown:

• linux1804-64-qr: 8
  • debug: 8
• macosx1015-64-qr: 5
  • debug: 5
• windows11-32-2009-qr: 7
  • debug: 7
• windows11-64-2009-qr: 15
  • debug: 15

Table

	msix	no_variant
linux1804-64-qr--/debug		8
macosx1015-64-qr--/debug		5
windows11-32-2009-qr--/debug		7
windows11-64-2009-qr--/debug	7	8

For more details, see:

https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1946862&startday=2025-02-07&endday=2025-02-07&tree=all

Comment 3

[Heather Ellsworth]

Attachment: Bug 1946862 - Port bug 1940273: Temporarily ignore CSPs in Thunderbird. r=tschuster!,aleca!

Comment 4

[Geoff Lankow (:darktrojan)]

I'll take this from here and add the tags instead of an exception. Even if the most permissive tag is better than no tag, and puts us in control without having to get approval from somebody at Firefox HQ.

Comment 5

[Intermittent Failures Robot]

Summary

40 failures in 4309 pushes (0.009 failures/push) were associated with this bug in the last 7 days.

This is the #47 most frequent failure this week.

This failure happened more than 30 times this week! Resolving this bug is a high priority.

Try to resolve this bug as soon as possible. If unresolved for 2 weeks, the affected test(s) may be disabled.

Repository breakdown:

• comm-central: 40

Platform and build breakdown:

• linux1804-64-ccov-qr: 1
  • opt: 1
• linux1804-64-qr: 9
  • debug: 9
• macosx1015-64-qr: 6
  • debug: 6
• windows11-32-2009-qr: 8
  • debug: 8
• windows11-64-2009-qr: 16
  • debug: 16

Table

	msix	no_variant
linux1804-64-ccov-qr--/opt		1
linux1804-64-qr--/debug		9
macosx1015-64-qr--/debug		6
windows11-32-2009-qr--/debug		8
windows11-64-2009-qr--/debug	7	9

For more details, see:

https://treeherder.mozilla.org/intermittent-failures/bugdetails?bug=1946862&startday=2025-02-03&endday=2025-02-09&tree=all

Comment 6

[Geoff Lankow (:darktrojan)]

Attachment: Bug 1946862 - Add CSP meta tags to all windows that appear in tests. r=#thunderbird-reviewers

I've added tags to all of the XHTML files that cause an assertion failure in tests. I've not added
tags to the files that don't. This should provide a good indication of windows we don't have test
coverage of.

I've tried to handle the implications of adding a CSP. There will surely be places I missed.
If a document has inline styles, or contains one of the XUL menu elements, I added unsafe-inline
to the policy, otherwise I didn't.

Comment 7

[Magnus Melin [:mkmelin]]

I've not added tags to the files that don't.

Won't that make debug builds unusable for such areas? Might be better to add a greppable comment about missing test coverage.

Comment 8

[Geoff Lankow (:darktrojan)]

Attachment: Bug 1946862 - Add CSP meta tags to all windows that don't appear in tests. r=#thunderbird-reviewers

These tags were added programmatically and I haven't checked all of the windows to see if they still work.

Comment 9

[Pulsebot]

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/3cb85afec9d6
Add CSP meta tags to all windows that don't appear in tests. r=mkmelin
https://hg.mozilla.org/comm-central/rev/7a94400ed8f1
Add CSP meta tags to all windows that appear in tests. r=mkmelin