Closed
Bug 1957424
Opened 17 days ago
Closed 10 days ago
Allow specifying the full URL in `connect-src` for about pages
Categories
(Core :: DOM: Security, enhancement)
Core
DOM: Security
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: julienw, Unassigned)
References
Details
From bug 1803607:
I wanted to specify https://api.profiler.firefox.com as a URL in connect-src, but this was by default forbidden due to bug 1895770.
Tom answered my question with:
You can use connect-src https: and add the URL about:logging to the sConnectSrcHttpsAllowList. I can also provide a patch that would make it possible use the whole URL as a source for connect-src.
This bug is for the last sentence.
After doing it it would be good to change the CSP of about:logging in case it's set to https:.
|
Reporter | |
Updated•16 days ago
|
Component: DOM: Selection → DOM: Security
|
|
Reporter | |
Comment 1•10 days ago
|
||
The patch https://phabricator.services.mozilla.com/D243676 in bug 1803607 fixes this.
|
||
Updated•10 days ago
|
Status: NEW → RESOLVED
Closed: 10 days ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•