Bug 1562328 - Add https to the img-src in the CSP to allow for displaying Sync avatars. r=MattN,markh
authorJared Wein <jwein@mozilla.com>
Tue, 30 Jul 2019 22:44:46 +0000
changeset 485446 11de4b3dec2b4730c34f90a6f53c7cd9f5c18597
parent 485445 9f2e60fb1dcd5761c71b91f9050d8f367ebea52b
child 485447 ba46e4595079e4fb1222320e231b19a8049bb85d
push id91301
push userjwein@mozilla.com
push dateTue, 30 Jul 2019 22:45:33 +0000
treeherderautoland@11de4b3dec2b [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersMattN, markh
bugs1562328
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1562328 - Add https to the img-src in the CSP to allow for displaying Sync avatars. r=MattN,markh Differential Revision: https://phabricator.services.mozilla.com/D38737
browser/components/aboutlogins/content/aboutLogins.html
--- a/browser/components/aboutlogins/content/aboutLogins.html
+++ b/browser/components/aboutlogins/content/aboutLogins.html
@@ -1,17 +1,17 @@
 <!-- This Source Code Form is subject to the terms of the Mozilla Public
    - License, v. 2.0. If a copy of the MPL was not distributed with this
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
 <!DOCTYPE html>
 <html>
   <head>
     <meta charset="utf-8">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src resource: chrome:; img-src data: blob:;"/>
+    <meta http-equiv="Content-Security-Policy" content="default-src 'none'; object-src 'none'; script-src resource: chrome:; img-src data: blob: https://firefoxusercontent.com;"/>
     <title data-l10n-id="about-logins-page-title"></title>
     <link rel="localization" href="browser/branding/sync-brand.ftl">
     <link rel="localization" href="browser/aboutLogins.ftl">
     <script type="module" src="chrome://browser/content/aboutlogins/components/confirmation-dialog.js"></script>
     <script type="module" src="chrome://browser/content/aboutlogins/components/fxaccounts-button.js"></script>
     <script type="module" src="chrome://browser/content/aboutlogins/components/login-filter.js"></script>
     <script type="module" src="chrome://browser/content/aboutlogins/components/login-item.js"></script>
     <script type="module" src="chrome://browser/content/aboutlogins/components/login-list.js"></script>