This Week

Monday, 18 June

  • Tested "X-Content-Security-Policy" header injection
    • Use for testing and block images from Google by setting the img-src directive in CSP rules. I observed that the userCSP add-on successfully injected the "X-Content-Security-Policy" header in the Google response web page and images from Google were blocked.
    • I also created two websites in a virtual machine for testing purposes, namely "" and "". A webpage from "" loads scripts and images from both "" as well as "". Using the userCSP add-on, I set img-src and script-src to "" for webpages from "". Thus the userCSP add-on successfully blocked resources from "" from being loaded.

Tuesday, 19 June

  • Google search on Mozilla IDLs to implement combine strict and combine loose functionality when two CSP policies are available.

Wednesday, 20 June

Thursday, 21 June

Friday, 22 June

  • Created a global table to store the complete CSP policy for website-defined CSP and user-specified CSP.