Open Bug 763930 Opened 10 years ago Updated 7 years ago

SecReview: Expose TCP Socket - Investigate restriction options - maybe via CSP. (nsiContentPolicy check)

Categories

(mozilla.org :: Security Assurance, task)

task
Not set
normal

Tracking

(Not tracked)

People

(Reporter: curtisk, Unassigned)

References

(Blocks 1 open bug, )

Details

(Whiteboard: [action item])

SecReview Action Item bug
Investigate restriction options - maybe via CSP. (nsiContentPolicy check)
I am not sure what we want to do here. This definitely isn't base camp blocking, but it seems like for consistency, eventually we would want navigator.mozTCPSocket to respect the connect-src directive.
(In reply to Paul Theriault [:pauljt] from comment #1)
> we would want navigator.mozTCPSocket to respect the connect-src
> directive.

+1

Also, mixed content blocker should block non-SSL TCP sockets in SSL contexts.
Taking me off this since I am not working on this atm (it would be great it someone was...)
Assignee: ptheriault → nobody
Assignee: nobody → dveditz
Why is this blocking bug 663566?
Flags: needinfo?(dveditz)
Dunno, better question for bsmith. Given the summary I can see the desire to show some sort of tie to CSP, but it's clearly not part of the work required to implement the CSP 1.0 standard.
Assignee: dveditz → nobody
No longer blocks: csp-w3c-1.0
Flags: needinfo?(dveditz)
You need to log in before you can comment on or make changes to this bug.