Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

broken subresource redirects when CSP rule does not safelist localhost #1241

Open
lidel opened this issue Jul 20, 2023 · 1 comment
Open

broken subresource redirects when CSP rule does not safelist localhost #1241

lidel opened this issue Jul 20, 2023 · 1 comment
Labels
area/firefox Issues related to Mozilla Firefox effort/hours Estimated to take one or several hours exp/beginner Can be confidently tackled by newcomers kind/bug A bug in existing code (including security flaws) P1 High: Likely tackled by core team if no one steps up

Comments

@lidel
Copy link
Member

lidel commented Jul 20, 2023

See SmaugPool/pool.pm#20 (comment) for repro steps.

CSP blocks image request and it does not load.

Potential fix is to ignore subresource requests with content-security-policy header that blocks loading resource from user's gateway.
That way it loads from original URL and we don't break websites.
@lidel lidel added kind/bug A bug in existing code (including security flaws) area/firefox Issues related to Mozilla Firefox need/triage Needs initial labeling and prioritization labels Jul 20, 2023
@lidel lidel mentioned this issue Jul 20, 2023
Closed
@lidel lidel changed the title Firefox: redirect happens when CSP rule blocks localhost img-src broken subresource redirects when CSP rule does not safelist localhost Jul 20, 2023
@github-project-automation github-project-automation bot moved this to Needs Grooming in IPFS-GUI (PL EngRes) Jul 21, 2023
@SgtPooki SgtPooki removed the need/triage Needs initial labeling and prioritization label Jul 24, 2023
@SgtPooki SgtPooki moved this from Needs Grooming to Planned / Backlog in IPFS-GUI (PL EngRes) Jul 24, 2023
@SgtPooki SgtPooki added P1 High: Likely tackled by core team if no one steps up exp/beginner Can be confidently tackled by newcomers effort/hours Estimated to take one or several hours labels Jul 24, 2023
@SgtPooki
Copy link
Member

@whizzzkid you should probably peek at this one while working on MV3

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/firefox Issues related to Mozilla Firefox effort/hours Estimated to take one or several hours exp/beginner Can be confidently tackled by newcomers kind/bug A bug in existing code (including security flaws) P1 High: Likely tackled by core team if no one steps up
Projects
No open projects
IPFS-GUI (PL EngRes)
Status: Planned / Backlog
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lidel @SgtPooki