On 04.10.12 07:31, Lucas Adamski wrote:
Hi all,
The bug to apply CSP to Gaia apps has landed
(https://bugzilla.mozilla.org/show_bug.cgi?id=768029), but the policy is not
yet being enforced since it would break a number of core apps. The next step
is to identify and fix Gaia breakage caused by this change. If you are a Gaia
developer, the best way to do so is to set the following pref:
user_pref("security.apps.certified.CSP.default", "default-src *; script-src 'self';
object-src 'none'; style-src 'self'");
.. and then test your app, and see what breaks. :)
If you not familiar with setting preferences, the easiest way appears to be:
cd gaia
add the pref above to the file custom-prefs.js
"make make install-gaia"
If you have questions or concerns, please let me know! Thanks!
Lucas.
Hi,
talking about csp, I'd love to see a testcase to trigger
cspFrameAncestorBlocked in neterror, in the gaia browser app content
frame, that is. Do you have something like that?
Thanks
Axel
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
