Firefox bug fix doesn't detect hashes properly

Created on 29 December 2023, over 1 year ago

Updated 12 January 2024, about 1 year ago

Problem/Motivation

When Csp::ff1313937() is checking if it needs to modify the policy, it checks for the string hash and not the proper hash algorithm prefixes.

    $hasBugSource = array_reduce(
      $directives['default-src'],
      function ($return, $value) {
        return $return || (
          $value == Csp::POLICY_STRICT_DYNAMIC
          ||
          preg_match("<^'(hash|nonce)->", $value)
        );
      },
      FALSE
    );

Steps to reproduce

Proposed resolution

Change the regular expression to get the valid hash algorithms from Csp::HASH_ALGORITHMS

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Fixed

Version

1.0

Component

Code

Created by

🇨🇦Canada gapple

Live updates comments and jobs are added and updated live.

Merge Requests

!25Firefox bug fix doesn't detect hashes properly
Merged
🇨🇦Canada gapple
updated over 1 year ago

Comments & Activities

Issue created by @gapple
Comment over 1 year ago →
🇨🇦Canada gapple
Looks like the bug was fixed in Firefox 117, but is still present in the ESR 115 release which is supported until Oct 2024
Merge request !25Fix Firefox Bug Fix doesn't properly handle hashes → (Merged) created by gapple

Comment over 1 year ago →

System Message

gapple → committed d46ce98a on 8.x-1.x

Issue #3411277 by gapple: Firefox bug fix doesn't detect hashes properly

Status changed to Fixed over 1 year ago9:03am 29 December 2023
Comment over 1 year ago →
🇨🇦Canada gapple
Comment about 1 year ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024