Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removal of support for the object-src directive #17901

Merged
merged 7 commits into from Oct 4, 2022
Merged

Removal of support for the object-src directive #17901

merged 7 commits into from Oct 4, 2022

Conversation

rebloor
Copy link
Collaborator

@rebloor rebloor commented Sep 28, 2022

Summary

Adds a note to provide documentation for Bug 1766881 Remove object-src requirement from the extension CSP, at least in MV3

Related issues

Related changes to the release notes to be completed.

@rebloor rebloor added the data:webext 🎲 Compat data for Browser Extensions. https://developer.mozilla.org/Add-ons/WebExtensions label Sep 28, 2022
@rebloor rebloor requested a review from Rob--W September 28, 2022 00:59
@rebloor rebloor self-assigned this Sep 28, 2022
Rob--W
Rob--W suggested changes Sep 28, 2022
View reviewed changes
Copy link
Member

@Rob--W Rob--W left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The note was wrong; Firefox didn't stop supporting it, it just stopped requiring unnecessary boilerplate.

Note that Safari doesn't require it either.
So you can also add a note to Chrome (mirrored to Edge and Opera) that they still require object-src to be specified, with a link to the crbug that I shared on Bugzilla.

webextensions/manifest/content_security_policy.json Outdated Show resolved Hide resolved
@rebloor rebloor requested a review from Rob--W September 29, 2022 03:28
@rebloor rebloor mentioned this pull request Sep 29, 2022
Merged
Rob--W
Rob--W approved these changes Oct 4, 2022
View reviewed changes
webextensions/manifest/content_security_policy.json Outdated
@@ -6,25 +6,31 @@
"mdn_url": "https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/manifest.json/content_security_policy",
"support": {
"chrome": {
"version_added": true
"version_added": true,
"notes": "The <code>object-src</code> directive is required."
},
"edge": {
"version_added": "14",
"notes": "Only the default content security policy is supported: \"script-src 'self'; object-src 'self';\"."
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Edge 79+ is based on chromium and mirrors the same behavior.

@rebloor rebloor merged commit 2182442 into mdn:main Oct 4, 2022
@rebloor rebloor deleted the object-src-not-supported branch October 4, 2022 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@queengooborg queengooborg queengooborg left review comments

@Rob--W Rob--W Rob--W approved these changes

Assignees

@rebloor rebloor

Labels
data:webext 🎲 Compat data for Browser Extensions. https://developer.mozilla.org/Add-ons/WebExtensions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rebloor @Rob--W @queengooborg