https://bugzilla.mozilla.org/show_bug.cgi?id=768868#c32 identified a concern that we have to be careful allowing installation of packaged apps that have their permissions reduced from privileged to web due to a lack of a prerequisite requirement (e.g. privileged app isn't signed) needing to be met that a CSP policy still needs to be enforced in these cases. We need to extend the CSP policy established in bug 768029 to set rules for when this scenario happens with the "web" packaged app.
Lucas said he's strongly in favor of simply blocking the install instead, which I agree is reasonable behavior, especially for an initial release.
Status: NEW → RESOLVED
blocking-basecamp: ? → ---
Last Resolved: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.