Speaking of CSP - Unexpected 'self' Replacement in Reports
Moderator: trava90
Forum rules
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
This board is for technical/general usage questions and troubleshooting for the Pale Moon browser only.
Technical issues and questions not related to the Pale Moon browser should be posted in other boards!
Please keep off-topic and general discussion out of this board, thank you!
-
- Astronaut
- Posts: 666
- Joined: 2018-05-17, 02:34
- Location: Los Berros Canyon, California
Speaking of CSP - Unexpected 'self' Replacement in Reports
Since there were a couple issues relating to it, I decided to do some tinkering in the area, and noticed a kind of unexpected behavior in the reporting system - the term 'self' ends up getting replaced by the local domain in CSP error messages and reports - DO NOT BE FOOLED. The entry is handled strictly as 'self' within the actual CSP logic - this can result in console errors and reports that mention a rule that redundantly says, for example, "base-uri https:\/\/mywebsite.com https:\/\/mywebsite.com https:\/\/*.mywebsite.com" when it in fact means "base-uri 'self' https:\/\/mywebsite.com https:\/\/*.mywebsite.com" and correctly behaves as such.