Confirmed users
373
edits
TPE CONNECTIVITY GROUP/2015-Q2: Difference between revisions
→Engage with new security model priority: p1
Changyihsin (talk | contribs) |
Changyihsin (talk | contribs) |
||
| Line 14: | Line 14: | ||
# Fix service worker bugs | # Fix service worker bugs | ||
# Fix CSP bugs | # Fix CSP bugs | ||
## {{Bug|959388}} - CSP 1.1: Workers have their own CSP policies, should not inherit from parent document ('''in progress''') | |||
## {{Bug|881509}} - Content Security Policy ShouldLoad and ShouldProcess do not use request principal (blocks 959388) | |||
## {{Bug|908933}} - CSP does not block cross-domain applets with object-src 'self | |||
## {{Bug|1030936}} - [CSP] remove fast-path for certified apps once the C++ backend is activated | |||
# Fix same origin and cookie jars bugs | # Fix same origin and cookie jars bugs | ||
## https://github.com/allstarschh/b2gSecurity/blob/master/origin.md | ## https://github.com/allstarschh/b2gSecurity/blob/master/origin.md | ||