863878 - The CSP logging from bug 821877 should go to the new Security Pane in the Web Console

Status: RESOLVED FIXED

(Core :: Security, defect)

Description

[Garrett Robinson [:grobinson]]

Bug 821877 logged errors about invalid CSP errors, which are relevant to web developers, to the web console, but reused the JS filter pane to do so because there was nowhere else to put it. Now that we have a new dedicated security pane introduced in bug 837351, we should log these errors there instead (indeed this was one of the original motivations for creating the dedicated pane).

Comment 1

[Garrett Robinson [:grobinson]]

Attachment: Patch 1

This patch categorizes all nsIScriptErrors with category "CSP" as security errors in the Web Console. I updated the unit test to more precisely test the desired behavior. I also removed the separate calls to ReportToConsole for the CSP errors that are added to the error queue, since doing this caused the errors to be reported to the Error Console twice.

Comment 2

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 739853 [details] [diff] [review]
Patch 1

r=me

Comment 3

[David Dahl :ddahl]

Comment on attachment 739853 [details] [diff] [review]
Patch 1

Review of attachment 739853 [details] [diff] [review]:
-----------------------------------------------------------------

<Just reviewing webconsole.js + tests>

Looks good. How does try server look?

Comment 4

[Garrett Robinson [:grobinson]]

Try run: https://tbpl.mozilla.org/?tree=Try&rev=1a29311aa80f

Comment 5

[Garrett Robinson [:grobinson]]

Try run was green.

Comment 6

[Garrett Robinson [:grobinson]]

https://hg.mozilla.org/integration/mozilla-inbound/rev/2f839f4b2f32

Comment 7

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/2f839f4b2f32