mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-11 20:35:50 +00:00
Bug 679772 - Send cookies and HTTP auth with CSP report requests, r=dveditz
This commit is contained in:
parent
872f549d6a
commit
6966c670a3
@ -312,12 +312,6 @@ ContentSecurityPolicy.prototype = {
|
||||
req.upload.addEventListener("error", failure, false);
|
||||
req.upload.addEventListener("abort", failure, false);
|
||||
|
||||
// make request anonymous
|
||||
// This prevents sending cookies with the request,
|
||||
// in case the policy URI is injected, it can't be
|
||||
// abused for CSRF.
|
||||
req.channel.loadFlags |= Ci.nsIChannel.LOAD_ANONYMOUS;
|
||||
|
||||
req.send(JSON.stringify(report));
|
||||
CSPdebug("Sent violation report to " + uris[i]);
|
||||
} catch(e) {
|
||||
|
Loading…
Reference in New Issue
Block a user