Open Bug 1990175 Opened 2 months ago

Font CSP in about pages will trigger an assert in debug builds

Categories

(Core :: DOM: Security, enhancement)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

People

(Reporter: pierov, Unassigned)

References

Details

Bug 1895770 made CSP checks stricter.
However, downstream at Tor Browser sometimes we add embedded fonts, and we add a relative CSP for it.
So, we noticed that there isn't a CSP visitor for them, and this trigger this assertion.
So, I think it'd be nice if a visitor for fonts was added, but I don't think fonts are ever embedded on Firefox, so feel free to close as invalid.

You need to log in before you can comment on or make changes to this bug.