Remove code for Firefox bug 1313937

Created on 29 December 2023, 6 months ago

Updated 19 January 2024, 5 months ago

Problem/Motivation

Firefox had a bug that would not respect 'strict-dynamic', nonces, or hashes set on default-src if it was a fallback for script-src or style-src that were not set on a policy. (https://bugzilla.mozilla.org/show_bug.cgi?id=1313937).

CSP module addresses this by copying the default-src value to the other directives if necessary.

The bug was fixed in Firefox 117 (Released Aug 2023, End of support Sep 2023), but is still present in the ESR 115 release supported until Oct 2024.

Proposed resolution

After Oct 2024, remove the Firefox bug fix method

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task

Status

Postponed

Version

2.0

Component

Code

Created by

🇨🇦Canada gapple

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @gapple
Comment 5 months ago →
🇨🇦Canada gapple

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024