Closed
Bug 1472661
Opened 6 years ago
Closed 6 years ago
Enable and ship CSP Policy violation events
Categories
(Core :: DOM: Security, enhancement, P3)
Tracking
RESOLVED
FIXED
mozilla63
People
(Reporter: ckerschb, Assigned: baku)
References
(Blocks 3 open bugs)
Details
(Keywords: dev-doc-complete, Whiteboard: [domsecurity-backlog1] [domsecurity-active] )
Within Bug 1037335 we implemented most of CSP policy violation events but there are a few dependencies that need to clear before we can ship violation events by default. In particular:
* Bug 1418236
* Bug 1418241
* Bug 1418246
* (maybe even others)
Currently CSP policy violation events are enabled in Nightly builds (security.csp.enable_violation_events) but obviously it would be great if we can clear those dependencies and ship violation events by default!
Assignee
Updated•6 years ago
Assignee: nobody → amarchesini
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/020317ed6cb8
Enable and ship CSP Policy violation events, r=ckerschb
Assignee
Updated•6 years ago
Status: NEW → ASSIGNED
Whiteboard: [domsecurity-backlog1] → [domsecurity-backlog1] [domsecurity-active]
Assignee
Comment 3•6 years ago
Would be nice to have this in the release-note. Let's mark this bug as relnote-firefox
relnote-firefox:
--- → ?
Whiteboard: [domsecurity-backlog1] [domsecurity-active] → [domsecurity-backlog1] [domsecurity-active]
Comment 4•6 years ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/020317ed6cb8
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
status-firefox63:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Comment 5•6 years ago
(In reply to Andrea Marchesini [:baku] from comment #3)
> Would be nice to have this in the release-note. Let's mark this bug as
> relnote-firefox
Andrea, could you provide the release note text and answer the release notes questions to help us understand what this means to the end-user? Thanks
Release Note Request (optional, but appreciated)
[Why is this notable]:
[Affects Firefox for Android]:
[Suggested wording]:
[Links (documentation, blog post, etc)]:
Flags: needinfo?(amarchesini)
Assignee
Comment 6•6 years ago
[Why is this notable]: From the spec: "When one or more of a policy’s directives is violated, a violation report may be generated and sent out to a reporting endpoint associated with the policy." This is an important feature for developers. Plus, introducing this feature, Firefox is more compliant with the CSP3 spec.
[Affects Firefox for Android]: supported
[Links (documentation, blog post, etc)]: https://www.w3.org/TR/CSP3/#securitypolicyviolationevent
Flags: needinfo?(amarchesini)
Comment 7•6 years ago
(In reply to Andrea Marchesini [:baku] from comment #6)
> [Why is this notable]: From the spec: "When one or more of a policy’s
> directives is violated, a violation report may be generated and sent out to
> a reporting endpoint associated with the policy." This is an important feature
> for developers. Plus, introducing this feature, Firefox is more compliant
> with the CSP3 spec.
> [Affects Firefox for Android]: supported
> [Links (documentation, blog post, etc)]:
> https://www.w3.org/TR/CSP3/#securitypolicyviolationevent
Same question as in https://bugzilla.mozilla.org/show_bug.cgi?id=1470111#c6 :) Thanks!
Flags: needinfo?(amarchesini)
Assignee
Comment 8•6 years ago
> Same question as in https://bugzilla.mozilla.org/show_bug.cgi?id=1470111#c6
I guess, same answer :) But this is an API! We can add this in the 'new APIs' section.
Flags: needinfo?(amarchesini)
Updated•6 years ago
Keywords: dev-doc-needed
Comment 10•6 years ago
Updated https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent and sub pages.
Compat data update: https://github.com/mdn/browser-compat-data/pull/2644
Release notes: https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/63#APIs
Keywords: dev-doc-needed → dev-doc-complete