From: Kohei Yoshino
Date: Tue, 8 Jan 2019 22:19:42 +0000 (-0500)
Subject: Bug 1493253 follow up - Set CSP for crash table iframe
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=589ccc09c6ec1d9dc603f7916a2e685ddefe8873;p=thirdparty%2Fbugzilla.git
Bug 1493253 follow up - Set CSP for crash table iframe
---
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 3d7daed3e..29b7174f4 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -39,7 +39,10 @@ sub DEFAULT_CSP {
 default_src => ['self'],
 script_src => ['self', 'nonce', 'unsafe-inline', 'https://www.google-analytics.com'],
- frame_src => ['none',],
+ frame_src => [
+ # This is for extensions/BMO/web/js/firefox-crash-table.js
+ 'https://crash-stop-addon.herokuapp.com',
+ ],
 worker_src => ['none',],
 img_src => ['self', 'blob:', 'https://secure.gravatar.com'],
 style_src => ['self', 'unsafe-inline'],
@@ -98,7 +101,12 @@ sub SHOW_BUG_MODAL_CSP {
 # This is from extensions/OrangeFactor/web/js/orange_factor.js
 'https://treeherder.mozilla.org/api/failurecount/',
 ],
- frame_src => ['self',],
+ frame_src => [
+ 'self',
+
+ # This is for extensions/BMO/web/js/firefox-crash-table.js
+ 'https://crash-stop-addon.herokuapp.com',
+ ],
 worker_src => ['none',],
 );
 if (use_attachbase() && $bug_id) {
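Review bot: In the first hunk, DEFAULT_CSP goes from `frame_src => ['none',]` to allowing `https://crash-stop-addon.herokuapp.com`, so every page served under the default policy may now frame that origin, not only the pages that render the crash table. If firefox-crash-table.js is loaded only on bug pages (the comment suggests this, but the script is not visible here), consider keeping `'none'` in the default and granting the origin only in the per-page policy, as the second hunk does for SHOW_BUG_MODAL_CSP. The host appears to be an app name on a shared hosting domain rather than a project-controlled one, so the allowance stays live for whoever serves that name. I would at least extend both comments to record this, e.g. `# Third-party host outside our control; drop this entry if the crash-stop service is retired`. Both subs start and end outside the hunks, so which pages actually use the default policy cannot be confirmed from here.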