Open Bug 1974067 Opened 6 months ago Updated 5 months ago

Investigate CSP passed to loadSearchFromCommandLine

Categories

(Firefox :: Search, task, P3)

Product:
Firefox
Component:
Search
Type:
task

Tracking

()

People

(Reporter: fkilic, Unassigned)

References

Details

(Whiteboard: [sng])

As :gijs noted in https://phabricator.services.mozilla.com/D250286#inline-1400220

Not a new thing, but I don't really understand why this would be the correct CSP/policy to apply to the load. If this has come from the commandline, there is no reason that the currently-selected-page's policy/CSP should apply to it.

This param is ancient, cf. https://searchfox.org/mozilla-central/rev/ec8a326713f60dec138a3e3383b03ac739870fc7/browser/components/BrowserContentHandler.sys.mjs#602-606 having blame from bug 341405 (2006, when we were using CVS for version control...) but let's file a separate bug for this as it would appear based on https://bugzilla.mozilla.org/show_bug.cgi?id=1667577 that e.g. MS powertoys might be using it to call us.

(I noticed because https://searchfox.org/mozilla-central/rev/ec8a326713f60dec138a3e3383b03ac739870fc7/browser/components/search/test/browser/browser_contextSearchTabPosition.js#40,48 is even more bogus, and then I tried to work out what the callers of SearchUIUtils even were.)

We for some reason pass the current page's CSP into loadSearchFromCommandLine here. It looks odd, we should investigate it.

I think we would probably be fine to remove the CSP/Policy, though we should check that everything still works correctly.

Severity: -- → N/A
Priority: -- → P3
Whiteboard: [sng]
You need to log in before you can comment on or make changes to this bug.