We should allow the use of relative URIs in policy-uri, since there are so many restrictions on it anyway, policies could be shortened by just specifying a path. For example, on a page at https://mysite.com/foo: X-Content-Security-Policy: policy-uri /lockdown.csp Would cause the policy to be loaded from https://mysite.com/lockdown.csp
Lifted URI-ification of selfUri out of the specific policy-uri parsing bit of the loop, and set selfUri as the base URI when parsing the policy uri.
Comment on attachment 450247 [details] [diff] [review] Proposed Patch r=bsterne
Comment on attachment 450247 [details] [diff] [review] Proposed Patch Please do not request approval until reviews are complete.
Comment on attachment 450247 [details] [diff] [review] Proposed Patch r=dveditz
Attachment #450247 - Flags: review?(dveditz) → review+
Attachment #450247 - Flags: approval2.0? → approval2.0+
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.