Confirmed users
461
edits
SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-08-06: Difference between revisions
SummerOfCode/2012/UserCSP/WeeklyUpdates/2012-08-06 (view source)
Revision as of 06:45, 14 August 2012
, 14 August 2012→Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}}
| Line 29: | Line 29: | ||
=== Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} === | === Thursday, {{#time:d F|{{SUBPAGENAME}} +3 days}} === | ||
* | * Policy rules are displayed in Blue color and all other text is in black color in add-on UI. | ||
* Read refinePolicy() function source code on "content/base/src/CSPUtils.jsm" file. I used refinePolicy() function to combine website policy and user policy with strict subset. | |||
For example, https://csptest.computerist.org sets following CSP rules | |||
Website CSP Rules: | |||
allow 'self'; img-src 'self'; script-src 'self'; options 'bogus-option'; report-uri https://unknown.computerist.org:8443/report | |||
If user defined following rules using our add-on: | |||
User CSP Rules: | |||
script-src 'self' ; | |||
Then combine Strict rules I get using refinePolicy() function are as follows: | |||
Combine Strict Rules: | |||
default-src 'none'; script-src 'none'; style-src 'none'; media-src 'none'; img-src 'none'; object-src 'none'; frame-src 'none'; frame-ancestors *; font-src 'none'; xhr-src 'none' | |||
Whereas, website and user both set script-src to 'self', but refinePolicy function returns 'none' for script-src. | |||
This issue is not yet resolved. | |||
=== Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} === | === Friday, {{#time:d F|{{SUBPAGENAME}} +4 days}} === | ||