[Bug 26508] Content Security Policy (CSP)

2013-06-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 --- Comment #10 from Christian Kujau li...@nerdbynature.de --- Firefox Chrome both have CSP enabled now. A single page load (6k article) gives multiple errors, here's how Chrome articulates this: --- times reported, per page | v 6

[Bug 26508] Content Security Policy (CSP)

2012-06-21 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 --- Comment #9 from Christian Kujau li...@nerdbynature.de 2012-06-21 08:53:34 UTC --- Another CSP warning, MW 1.19.1, Firefox 13.0: --- Timestamp: 6/21/12 01:37:49 Warning: CSP: Directive inline script base restriction violated Source

[Bug 26508] Content Security Policy (CSP)

2012-03-11 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 --- Comment #8 from Daniel Friesen mediawiki-b...@nadir-seen-fire.com 2012-03-12 03:43:29 UTC --- For those interested in CSP I put together a starting CSP branch: https://github.com/dantman/mediawiki-core/compare/master...csp It uses a

[Bug 26508] Content Security Policy (CSP)

2011-12-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 Christian Kujau li...@nerdbynature.de changed: What|Removed |Added CC|

[Bug 26508] Content Security Policy (CSP)

2011-12-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 Daniel Friesen mediawiki-b...@nadir-seen-fire.com changed: What|Removed |Added CC|

[Bug 26508] Content Security Policy (CSP)

2011-12-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 --- Comment #6 from Bawolff bawolff...@gmail.com 2011-12-15 18:46:01 UTC --- Apparently you'd need to use a header like: X-Content-Security-Policy: allow 'self'; img-src 'self' data: to allow data urls. But we also have inline js in vector

[Bug 26508] Content Security Policy (CSP)

2011-12-15 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 --- Comment #7 from Christian Kujau li...@nerdbynature.de 2011-12-15 23:26:44 UTC --- FWIW, I took the setting from the (out-of-date) https://people.mozilla.com/~bsterne/content-security-policy/details.html#examples, where it was described as

[Bug 26508] Content Security Policy (CSP)

2011-12-10 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 Hendrik Brummermann nhb_...@nexgo.de changed: What|Removed |Added CC||nhb_...@nexgo.de

[Bug 26508] Content Security Policy (CSP)

2011-01-28 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 Mark A. Hershberger m...@everybody.org changed: What|Removed |Added CC|

[Bug 26508] Content Security Policy (CSP)

2011-01-02 Thread bugzilla-daemon
https://bugzilla.wikimedia.org/show_bug.cgi?id=26508 Bawolff bawolff...@gmail.com changed: What|Removed |Added CC||bawolff...@gmail.com