SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-06-18




This Week

Monday, 18 June

  • Tested "X-Content-Security-Policy" header injection
    • Used google.co.in for testing and blocked images from Google by setting the img-src directive in the CSP rules. I observed that the userCSP add-on successfully injected the "X-Content-Security-Policy" header into the Google response web page and images from Google were blocked.
    • I also created two websites in a virtual machine for testing purposes, namely "a.com" and "b.com". A webpage from "a.com" loads scripts and images from both "a.com" and "b.com". Using the userCSP add-on, I set img-src and script-src to "a.com" for webpages from "a.com". Thus the userCSP add-on successfully blocked resources from "b.com" from being loaded.

Tuesday, 19 June

  • Searched Google for Mozilla IDLs to implement the combine strict and combine loose functionality when two CSP policies are available.

Wednesday, 20 June

Thursday, 21 June

Friday, 22 June

  • Created a global table to store the complete CSP policy for website-defined CSP and user-specified CSP.