(CSP) "Content Security Policy: Directive inline style base restriction violated" when doing view-source on login.mozilla.org

NEW
Unassigned

Status

()

Core
DOM: Security
5 years ago
3 months ago

People

(Reporter: dholbert, Unassigned)

Tracking

(Blocks: 1 bug)

Trunk
x86_64
Linux
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [domsecurity-backlog], URL)

(Reporter)

Description

5 years ago
STR:
 1. Visit https://login.mozilla.org/
 2. Open the error console. (Ctrl+Shift+J)
 3. (optional) Hit "Clear" button in console, to clear out everything there.
 4. View|Source on the login.mozilla.org window.
 5. Inspect error console.

SIMPLER STR:
 Visit the URL "view-source:https://login.mozilla.org/" while you have the error console open.

ACTUAL RESULTS: This appears, when you open "View Source":
{
[11:22:04.898] Content Security Policy: Directive inline style base restriction violated @ view-source:https://login.mozilla.org/
}

Presumably this happens because Firefox is applying styling to present the "view-source" UI, which conflicts with CSP headers sent to us by login.mozilla.org.
Component: Security → DOM: Security
Whiteboard: [domsecurity-backlog]
You need to log in before you can comment on or make changes to this bug.