Closed
Bug 817674
Opened 12 years ago
Closed 6 years ago
Add new Makefile target (checkcsp) to verify CSP compliance
Categories
(Firefox OS Graveyard :: Gaia, enhancement)
Tracking
(blocking-basecamp:-)
RESOLVED
WONTFIX
blocking-basecamp | - |
People
(Reporter: macajc, Unassigned)
References
Details
Attachments
(1 file, 1 obsolete file)
A new option must be added to Makefile to check for CSP compliance. This new option must build a report of the applications that break the policy including the line number where the error is.
Reporter | ||
Updated•12 years ago
|
Assignee: nobody → macajc
Reporter | ||
Updated•12 years ago
|
blocking-basecamp: --- → ?
Reporter | ||
Comment 1•12 years ago
|
||
https://github.com/mozilla-b2g/gaia/pull/6788
Status: NEW → ASSIGNED
Updated•12 years ago
|
Component: Builds → Gaia
Comment 2•12 years ago
|
||
I think this is an excellent idea for build automation, but I don't think this should block ship for the same reasons why we don't generally block on automation (we only block if an entire automation framework is blocked due to a bug).
Reporter | ||
Comment 3•12 years ago
|
||
Attachment #688175 -
Flags: review?(fabrice)
Reporter | ||
Comment 4•12 years ago
|
||
Comment on attachment 688175 [details]
GH PR #6788
NOTE: If blocking-basecamp+ is set, just land it for now.
[Approval Request Comment]
Bug caused by (feature/regressing bug #):
User impact if declined:
Testing completed:
Risk to taking this patch (and alternatives if risky):
Attachment #688175 -
Flags: approval-gaia-master?(francisco.jordano)
Comment 5•12 years ago
|
||
Not a blocker, but something really useful, will take a look to it.
blocking-basecamp: ? → -
Comment on attachment 688175 [details]
GH PR #6788
Since this is not-part-of-build there's no need for approval. Just land when it's ready.
Attachment #688175 -
Flags: approval-gaia-v1?(francisco.jordano)
Comment 7•11 years ago
|
||
Hm, it looks like Francisco started to review that. Sorry for the lag, but if it's rebased an works I see no reason to not take that.
Comment 8•11 years ago
|
||
Hi Fabrice, we were discussing this with Vivien, he had his concerns about adding another way of checking csp. For me was looking ok, if we do agree (Vivien manifest!), I'm totally up to include it. Thanks, F.
Comment 9•11 years ago
|
||
Comment on attachment 688175 [details]
GH PR #6788
Carmen, if you are still interested in doing that, ask :ochameau to review.
Attachment #688175 -
Flags: review?(fabrice)
Reporter | ||
Comment 10•11 years ago
|
||
Yes, I'm still interested in doing this. But with the age of this patch, I'm pretty sure it'll have rotted a lot. So I'll un-rot it and submit a new patch. Thanks for reminding me, Fabric
Updated•10 years ago
|
Comment 11•10 years ago
|
||
New PR, proposing a CSP linter step. Garrett, can you check what is wrong in my code ? I can't trigger any CSP error this way.
Attachment #688175 -
Attachment is obsolete: true
Flags: needinfo?(grobinson)
Comment 12•10 years ago
|
||
Christoph, I've been told that you may be of help also :). I've tried adding an observer against csp-on-violate-policy, but no luck either.
Flags: needinfo?(mozilla)
Comment 13•10 years ago
|
||
(In reply to Alexandre LISSY :gerard-majax from comment #12) > Christoph, I've been told that you may be of help also :). > > I've tried adding an observer against csp-on-violate-policy, but no luck > either. Talked to Garrett, he will help you on this. I have seen he already commented on the PR. Clearing Needinfo flag.
Flags: needinfo?(mozilla)
Comment 14•10 years ago
|
||
Alexandre, I've commented on the pull request, and am clearing needinfo. Feel me free to needinfo me again if you need... more info.
Updated•10 years ago
|
Flags: needinfo?(grobinson)
Comment 15•10 years ago
|
||
Garrett, I've updated the PR with some code that should, IMHO, trigger CSP. But it still does not. Any idea what I'm missing?
Flags: needinfo?(grobinson)
Comment 16•10 years ago
|
||
Alexandre, I commented on the PR. My guess is mozbrowser is overriding APP_STATUS_CERTIFIED, a confusing behavior that I have encountered elsewhere.
Flags: needinfo?(grobinson)
Comment 17•9 years ago
|
||
Alexandre: Are you still hoping to work on this bug, or do we want to set it aside?
Flags: needinfo?(lissyx+mozillians)
Comment 18•9 years ago
|
||
I'm not working on this anymore, I got blocked on using csp from gecko, never found my way out. Feel free to steal if you have ideas :)
Flags: needinfo?(lissyx+mozillians)
Updated•9 years ago
|
Assignee: lissyx+mozillians → nobody
Severity: normal → enhancement
Status: ASSIGNED → NEW
Comment 19•6 years ago
|
||
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•