Closed Bug 558429 Opened 14 years ago Closed 14 years ago

CSP policy-uri should accept relative URIs

Categories

(Core :: DOM: Core & HTML, enhancement)

Product:
Core
Component:
DOM: Core & HTML
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: geekboy, Assigned: geekboy)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Proposed Patch
5.77 KB, patch
bsterne
: review+
dveditz
: review+
jst
: approval2.0+
Details | Diff | Splinter Review 
We should allow the use of relative URIs in policy-uri, since there are so many restrictions on it anyway, policies could be shortened by just specifying a path.  For example, on a page at https://mysite.com/foo:

X-Content-Security-Policy: policy-uri /lockdown.csp

Would cause the policy to be loaded from https://mysite.com/lockdown.csp
Attached patch Proposed PatchSplinter Review 
Lifted URI-ification of selfUri out of the specific policy-uri parsing bit of the loop, and set selfUri as the base URI when parsing the policy uri.
Attachment #450247 - Flags: review?(bsterne)
Comment on attachment 450247 [details] [diff] [review]
Proposed Patch

r=bsterne
Attachment #450247 - Flags: review?(dveditz)
Attachment #450247 - Flags: review?(bsterne)
Attachment #450247 - Flags: review+
Attachment #450247 - Flags: approval2.0?
Comment on attachment 450247 [details] [diff] [review]
Proposed Patch

Please do not request approval until reviews are complete.
Attachment #450247 - Flags: approval2.0?
Comment on attachment 450247 [details] [diff] [review]
Proposed Patch

r=dveditz
Attachment #450247 - Flags: review?(dveditz) → review+
Attachment #450247 - Flags: approval2.0?
Attachment #450247 - Flags: approval2.0? → approval2.0+
http://hg.mozilla.org/mozilla-central/rev/930f0a4d70d0
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: