Closed
Bug 1954773
Opened 1 month ago
Closed 27 days ago
Wildcard as source does not include data:, need to update our chrome: CSPs
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
138 Branch
| Tracking | Status | |
|---|---|---|
| firefox-esr115 | --- | unaffected |
| firefox-esr128 | --- | unaffected |
| firefox136 | --- | wontfix |
| firefox137 | --- | wontfix |
| firefox138 | --- | fixed |
People
(Reporter: tschuster, Assigned: tschuster)
References
(Blocks 1 open bug, Regression)
Details
(Keywords: regression)
Attachments
(1 file)
I have to admit, I had forgotten that the wildcard (*) as a source does not include data: URLs. We use wildcard sources in pageInfo.xhtml and syncedtabs/sidebar.xhtml. Those need to be updated to include data: explicitly...
For both of these cases we will just break some minor functionality , so I don't think we need to uplift this. (In my experience it's already not uncommon for Page Info to not display images)
|
Assignee | |
Updated•1 month ago
|
Summary: Wildcard as source does not include data:, need to update our CSPs → Wildcard as source does not include data:, need to update our chrome: CSPs
|
|
Assignee | |
Updated•1 month ago
|
Assignee: nobody → tschuster
|
|
Assignee | |
Updated•1 month ago
|
status-firefox136:
--- → wontfix
status-firefox137:
--- → wontfix
|
|
Assignee | |
Comment 1•1 month ago
|
||
Pushed by tschuster@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/247792694384
Explicitly include data: in additon to the wildcard in CSP sources for chrome: pages. r=simonf
Status: NEW → RESOLVED
Closed: 27 days ago
status-firefox138:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 138 Branch
|
||
Updated•22 days ago
|
status-firefox-esr115:
--- → unaffected
status-firefox-esr128:
--- → unaffected
You need to log in
before you can comment on or make changes to this bug.
Description
•