Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Change CSP img-src directive on about:extensions #6290

Closed
wants to merge 1 commit into from
Closed

Change CSP img-src directive on about:extensions #6290

wants to merge 1 commit into from

Conversation

cezaraugusto
Copy link
Contributor

Fix #6257

Auditors: @bbondy

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Ran git rebase -i to squash commits (if needed).

Test Plan:

  • Enable an extension
  • Open about:extensions
  • Extension icon must be visible

@cezaraugusto cezaraugusto added this to the 0.13.0 milestone Dec 18, 2016
@cezaraugusto cezaraugusto self-assigned this Dec 18, 2016
@cezaraugusto
Change CSP img-src directive on about:extensions
278e968 
Fix #6257

Auditors: @bbondy

Test Plan:
* Enable an extension
* Open about:extensions
* Extension icon must be visible
@bbondy
Copy link
Member

bbondy commented Dec 19, 2016

@diracdeltas @bridiver did this change recently? I'm wondering why this would of started happening.

@bridiver
Copy link
Collaborator

this actually doesn't look correct to me. An extension shouldn't be loading images from file urls

diracdeltas
diracdeltas reviewed Dec 19, 2016
View reviewed changes
app/extensions.js
@@ -141,7 +141,7 @@ let generateBraveManifest = () => {
'form-action': '\'none\'',
'referrer': 'no-referrer',
'style-src': '\'self\' \'unsafe-inline\'',
'img-src': '* data:',
'img-src': '\'self\' file://*',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think you need to keep '*' and 'data:', otherwise favicons won't load in about:preferences ledger panel

@diracdeltas
Copy link
Member

in 0.12.5 i see the pdfjs extension loaded from file:///Users/yan/Library/Application%20Support/Brave/Extensions/jdbefljfgobbmcidnmpjamcbhnbphjnb/1.6.386/icon48.png

@bridiver
Copy link
Collaborator

where do you see that @diracdeltas? It should be loading images using chrome-extension urls, not file urls

@diracdeltas
Copy link
Member

@bridiver about:extensions

@bridiver
Copy link
Collaborator

I think they should be using chrome extension urls

@bbondy
Copy link
Member

bbondy commented Dec 19, 2016

I'm going to close this in favour of loading the image from the extension itself instead. I'll do a different push for it.

@bbondy bbondy closed this Dec 19, 2016
@luixxiul luixxiul removed this from the 0.13.0 milestone Dec 19, 2016
@cezaraugusto cezaraugusto mentioned this pull request Dec 19, 2016
Closed
@cezaraugusto cezaraugusto deleted the feature/extensions/6257 branch July 25, 2017 07:25
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@diracdeltas diracdeltas diracdeltas left review comments

@bbondy bbondy Awaiting requested review from bbondy

Assignees

@cezaraugusto cezaraugusto

Labels
feature/extensions
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@cezaraugusto @bbondy @bridiver @diracdeltas @luixxiul