Commit Graph

6 Commits

Author SHA1 Message Date
Pale Moon c3b6fc86bd Relax CSP restrictions as a workaround for sites
Sites in question are solely relying on the deprecated `child-src` directive.
Deprecation in CSP-3: https://w3c.github.io/webappsec-csp/#directive-child-src

Important: This is a rather coarse temporary workaround and should be removed when the standard stabilizes or a more accurate solution is found.
The main reason for this workaround is that sites remove sources from the `script-src`/`default-src` list for workers, expecting it to be handled solely by `child-src`.
Tag #949
2018-07-25 07:15:52 +08:00
NTD 35a65b8507 Make sure the security state is set properly in nsMixedContentBlocker 2018-07-25 06:52:52 +08:00
janekptacijarabaci 7cf33c4329 CORS: A "data:" URL = the same-origin 2018-07-25 06:43:07 +08:00
Pale Moon 53617979da CSP: Insecure HTTP port :80 should also allow secure HTTPS port :443.
- this also splits out port checking to re-order the checking to be more in line with the spec order.
2018-07-25 01:29:18 +08:00
Pale Moon eb6d10adc1 CSP - Bail early if referrer directive has no valid src. 2018-07-25 01:04:18 +08:00
Moonchild baf46a6bf1 Merge pull request #1 from mozilla/esr38: Esr38 upstream pull 2018-07-24 23:04:07 +08:00