Closed Bug 1930749 Opened 7 months ago Closed 7 months ago

Add mechanism to specify custom CSP in XPConnect Sandbox

Categories

(Core :: XPConnect, enhancement)

Product:
Core
Component:
XPConnect
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
134 Branch
Tracking Flags:
Tracking Status
firefox134 --- fixed

People

(Reporter: robwu, Assigned: robwu)

References

Details

(Whiteboard: [addons-jira])

Attachments

(1 file)

Bug 1930749 - Add option to Cu.Sandbox to specify CSP
48 bytes, text/x-phabricator-request
Details | Review

The XPConnect sandbox currently special-cases the behavior for Expanded principals containing an add-on principal, to set the default CSP of add-ons. This was added in bug 1581611. That implementation depends on the expanded principal containing an add-on principal, and it allows only one fixed CSP.

This implementation is too limited. For example, bug 1911835 introduces another use of a sandbox in extensions. Here, the principal is an Expanded principal consisting of just one content principal. Notably, there is no add-on principal there.

I'm going to add an option to customize the CSP. For now, It will only support expanded principals, since other principals are not needed yet, and supporting other principals requires more work (bug 1548468).

Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/0ef6298a1ecd Add option to Cu.Sandbox to specify CSP r=mccr8

https://hg.mozilla.org/mozilla-central/rev/0ef6298a1ecd

Status: ASSIGNED → RESOLVED
Closed: 7 months ago
status-firefox134: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 134 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: