Bug 1497201: Apply Meta CSP to about:networking. DONTBUILD
authorChristoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Sun, 16 Jun 2019 11:12:16 +0000
changeset 479121 9240c11b28e5b263f67835eefaf480abc4f4a738
parent 479120 fa2384f76e274d7ce77039d0d2ff68905e03cf5c
child 479122 103207464831538a5c9d74ac66ae901e306e72f4
push id36170
push usercbrindusan@mozilla.com
push dateWed, 19 Jun 2019 03:56:45 +0000
treeherdermozilla-central@5f0f37756053 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1497201
milestone69.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1497201: Apply Meta CSP to about:networking. DONTBUILD Differential Revision: https://phabricator.services.mozilla.com/D35153
modules/libpref/init/all.js
toolkit/content/aboutNetworking.xhtml
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
@@ -2510,17 +2510,17 @@ pref("font.blacklist.underline_offset", 
 
 pref("security.directory",              "");
 
 // security-sensitive dialogs should delay button enabling. In milliseconds.
 pref("security.dialog_enable_delay", 1000);
 pref("security.notification_enable_delay", 500);
 
 #if defined(DEBUG) && !defined(ANDROID)
-pref("csp.about_uris_without_csp", "blank,printpreview,srcdoc,addons,cache-entry,config,debugging,devtools,downloads,home,networking,newtab,performance,plugins,profiles,preferences,restartrequired,serviceworkers,sessionrestore,support,sync-log,telemetry,url-classifier,welcomeback");
+pref("csp.about_uris_without_csp", "blank,printpreview,srcdoc,addons,cache-entry,config,debugging,devtools,downloads,home,newtab,performance,plugins,profiles,preferences,restartrequired,serviceworkers,sessionrestore,support,sync-log,telemetry,url-classifier,welcomeback");
 // the following prefs are for testing purposes only.
 pref("csp.overrule_about_uris_without_csp_whitelist", false);
 pref("csp.skip_about_page_has_csp_assert", false);
 // assertion flag will be set to false after fixing Bug 1473549
 pref("security.allow_eval_with_system_principal", false);
 pref("security.uris_using_eval_with_system_principal", "autocomplete.xml,redux.js,react-redux.js,content-task.js,preferencesbindings.js,lodash.js,jszip.js,sinon-7.2.7.js,ajv-4.1.1.js,jsol.js");
 #endif
 
--- a/toolkit/content/aboutNetworking.xhtml
+++ b/toolkit/content/aboutNetworking.xhtml
@@ -3,16 +3,17 @@
    - License, v. 2.0. If a copy of the MPL was not distributed with this
    - file, You can obtain one at http://mozilla.org/MPL/2.0/. -->
 
 
 <!DOCTYPE html>
 
 <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
+        <meta http-equiv="Content-Security-Policy" content="default-src chrome:" />
         <title data-l10n-id="title"/>
         <link rel="stylesheet" href="chrome://mozapps/skin/aboutNetworking.css" type="text/css" />
         <script src="chrome://global/content/aboutNetworking.js" />
         <link rel="localization"  href="toolkit/about/aboutNetworking.ftl"/>
     </head>
     <body id="body">
         <div id="warning_message" class="warningBackground" hidden="true">
             <div class="container">