Extend CSP policy to include rules for untrusted packaged apps

RESOLVED WONTFIX

Status

()

Core
General
RESOLVED WONTFIX
6 years ago
6 years ago

People

(Reporter: jsmith, Unassigned)

Tracking

Trunk
ARM
Gonk (Firefox OS)
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

6 years ago
https://bugzilla.mozilla.org/show_bug.cgi?id=768868#c32 identified a concern that we have to be careful allowing installation of packaged apps that have their permissions reduced from privileged to web due to a lack of a prerequisite requirement (e.g. privileged app isn't signed) needing to be met that a CSP policy still needs to be enforced in these cases. We need to extend the CSP policy established in bug 768029 to set rules for when this scenario happens with the "web" packaged app.
(Reporter)

Updated

6 years ago
Depends on: 768029
(Reporter)

Updated

6 years ago
blocking-basecamp: --- → ?
Lucas said he's strongly in favor of simply blocking the install instead, which I agree is reasonable behavior, especially for an initial release.
Status: NEW → RESOLVED
blocking-basecamp: ? → ---
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.