Bug 555068
Opened 14 years ago
Closed 14 years ago
csp frame ancestor restrictions should not be enforced unless specified
Categories: Core :: DOM: Core & HTML, defect, P3
Status: RESOLVED FIXED
People: Reporter: geekboy, Assigned: geekboy
Attachments: 1 file (4.32 KB, patch; dveditz: review+)
The frame-ancestors directive should not inherit from the "allow" directive in CSP as per the spec. This way sites "opt in" to blocking sites from framing them.
Comment 1 (Assignee) • 14 years ago
Attached is a patch including the fix and updated xpcshell tests for the new behavior. Updated the spec (wiki/Security/CSP/Specification) to reflect the changes too.
Attachment #447590 - Flags: review?
Updated (Assignee) • 14 years ago
Attachment #447590 - Flags: review? → review?(dveditz)
Comment 2 • 14 years ago
Comment on attachment 447590: Proposed Fix
r=dveditz, looks good.
Attachment #447590 - Flags: review?(dveditz) → review+
Comment 3 • 14 years ago
http://hg.mozilla.org/mozilla-central/rev/5eca1ddd02d6
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
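
Added example, not part of the bug thread and not Mozilla's code: a simplified model of the directive lookup the description asks for, where other directives fall back to "allow" but frame-ancestors does not. The function names, the `inheritFrameAncestors` switch (modelling the behaviour before the fix) and the example origins are assumptions, and source matching is reduced to `*`, `'self'` and exact origins.

```javascript
// Added example: simplified model of CSP directive fallback (not Mozilla's code).

// Parse "allow 'self'; img-src *" into { allow: ["'self'"], "img-src": ["*"] }.
function parsePolicy(text) {
  const policy = Object.create(null);
  for (const part of text.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy[name.toLowerCase()] = sources;
  }
  return policy;
}

// Sources that govern a directive. inheritFrameAncestors=true models the
// behaviour before the fix, where frame-ancestors fell back to "allow".
function effectiveSources(policy, directive, inheritFrameAncestors) {
  if (directive in policy) return policy[directive];
  if (directive === 'frame-ancestors' && !inheritFrameAncestors) {
    return ['*']; // not specified: no framing restriction is enforced
  }
  return policy.allow || [];
}

// Simplified source matching (assumption): '*', 'self', or an exact origin.
function matches(sources, origin, selfOrigin) {
  return sources.some((s) =>
    s === '*' || (s === "'self'" && origin === selfOrigin) || s === origin);
}

// True when every ancestor origin is permitted to frame the protected page.
function framingPermitted(policyText, selfOrigin, ancestors, inheritFrameAncestors = false) {
  const policy = parsePolicy(policyText);
  const sources = effectiveSources(policy, 'frame-ancestors', inheritFrameAncestors);
  return ancestors.every((a) => matches(sources, a, selfOrigin));
}

// Constructed sample origins.
const SELF = 'https://site.example';
const OTHER = 'https://portal.example';
console.log(framingPermitted("allow 'self'", SELF, [OTHER], true)); // inherited from allow
console.log(framingPermitted("allow 'self'", SELF, [OTHER]));       // fixed lookup
console.log(framingPermitted("allow 'self'; frame-ancestors 'self'", SELF, [OTHER]));
```

Under the fixed lookup a policy that sets only `allow` leaves framing unrestricted, so a site that wants framing protection has to state `frame-ancestors` itself.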