Closed
Bug 841840
Opened 12 years ago
Closed 12 years ago
Packaged app get CSP-validation even if they are not privileged
Categories
(Marketplace Graveyard :: Validation, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: Harald, Assigned: basta)
Details
Packaged apps always get validated, whereby on B2G only packaged apps with type privileged and certified require to be CSP compliant [1].
This blocks partners who started with packaged apps not considering CSP.
The expected behavior should be that only packaged apps of type "privileged" and "certified". Type undefined or web should not be validated (or validation set as warning and not blocking submission)!
[1]: http://mxr.mozilla.org/mozilla-central/source/b2g/app/b2g.js#359
|
||
Updated•12 years ago
|
Assignee: nobody → mattbasta
|
Assignee | |
Comment 1•12 years ago
|
||
Fixed as of here:
https://github.com/mozilla/zamboni/commit/885cf517ed1ca920945cd5113a692c87b8ad9362
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
||
Comment 2•12 years ago
|
||
fyi, an app can also optionally specify a CSP in its manifest, see bug 773891, so it's good to see we took the path of giving warnings in this case :)
|
|
Assignee | |
Comment 3•12 years ago
|
||
An app can specify its own CSP, but the CSP cannot be looser than the default CSP. This means that none of the errors generated by the validator will be invalid.
|
|
||
Comment 4•12 years ago
|
||
(In reply to Matt Basta [:basta] from comment #3)
> An app can specify its own CSP, but the CSP cannot be looser than the
> default CSP. This means that none of the errors generated by the validator
> will be invalid.
ah, I see, thanks for the clarification !
You need to log in
before you can comment on or make changes to this bug.
Description
•