Closed Bug 837682 Opened 11 years ago Closed 9 years ago

Update our CSP documentation to match 1.0 and our latest implementation

Categories

(Developer Documentation Graveyard :: Protocols, defect, P1)

defect

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: teoli, Assigned: sheppy)

References

(Blocks 2 open bugs, )

Details

(Whiteboard: u=webdev p=2 c=Security)

:: Developer Documentation Request

      Request Type: Correction
     Gecko Version: Trunk
 Technical Contact: 

:: Details

CSP has evolved since our initial implementation. It is now a CR at the W3C.

We are in the process of updating our implementation; we need to update our documentation too.

Our fixes span several Fx versions.
I've been planning on updating MDN's CSP page at least when the CSP 1.0 implementation work is finished
Blocks: csp-w3c-1.0
(In reply to Ian Melven :imelven from comment #1)
> I've been planning on updating MDN's CSP page at least when the CSP 1.0
> implementation work is finished
I'll be very happy to help in any way I can (review, style issues, etc.)
(In reply to David Bruant from comment #2)
> (In reply to Ian Melven :imelven from comment #1)
> > I've been planning on updating MDN's CSP page at least when the CSP 1.0
> > implementation work is finished
> I'll be very happy to help in any way I can (review, style issues, etc.)

Thank you, David, that is awesome! Bug 842657 is the one to watch for actually turning on the CSP 1.0 implementation - it's waiting on the inline styles stuff, which needs some spec discussion and a bit more work.
(In reply to Ian Melven :imelven from comment #3)
> (In reply to David Bruant from comment #2)
> > (In reply to Ian Melven :imelven from comment #1)
> > > I've been planning on updating MDN's CSP page at least when the CSP 1.0
> > > implementation work is finished
> > I'll be very happy to help in any way I can (review, style issues, etc.)
> 
> Thank you, David, that is awesome! Bug 842657 is the one to watch for
> actually turning on the CSP 1.0 implementation
I was talking about help in updating the documentation ;-) (yes, sorry, when saying "any way I can", I meant "... in the realm of documentation")
As a web developer, I'm pretty excited about CSP, so any way I can help to share about CSP to other developers, I'll be happy to do.
(In reply to David Bruant from comment #4)
>
> I was talking about help in updating the documentation ;-) (yes, sorry, when
> saying "any way I can", I meant "... in the realm of documentation")

Oh yeah, that's how I understood it - sorry, I meant: once that bug lands and CSP 1.0 is turned on, I will start on the documentation stuff and take you up on your offer of help :)

> As a web developer, I'm pretty excited about CSP, so any way I can help to
> share about CSP to other developers, I'll be happy to do.

That is great to hear as well :D
Assignee: nobody → eshepherd
Component: DOM → Protocols
OS: Other → All
Whiteboard: u=webdev p=0
Priority: P2 → P1
Whiteboard: u=webdev p=0 → u=webdev p=2 c=Security
I made a pass through 

https://developer.mozilla.org/en-US/docs/Security/CSP
https://developer.mozilla.org/en-US/docs/Security/CSP/CSP_policy_directives
https://developer.mozilla.org/en-US/docs/Security/CSP/Using_Content_Security_Policy
https://developer.mozilla.org/en-US/docs/Security/CSP/Using_CSP_violation_reports

and did some updates. I switched everything to using the Content-Security-Policy header (although note this isn't supported until Fx23, which just went to beta) and added notes saying that prior to Fx23, the X-Content-Security-Policy header is used. In some places, I clarified it's fine to send both and the Content-Security-Policy header will be used.

If folks could review and maybe make my updates more 'MDN-ish' that would be greatly appreciated. In particular, we likely want to highlight loudly that people should switch to using the Content-Security-Policy header and X-Content-Security-Policy should not be used.
If anything I updated needs any clarifications or folks have any questions, I'm happy to help with that as well!
We should update our documentation to follow CSP 2.0 by now:
http://www.w3.org/TR/CSP11/
Hey Sheppy, we are triaging at the moment[1]. The docs look good to us - do you feel confident to close this bug?

[1] https://developer.mozilla.org/en-US/docs/Web/Security/CSP
Flags: needinfo?(eshepherd)
We can close it. The documentation has been updated month ago and I'm adding CSP 1.1 info as it is implemented (if the bugs have dev-doc-needed to notify us).
Status: NEW → RESOLVED
Closed: 9 years ago
Flags: needinfo?(eshepherd)
Resolution: --- → FIXED