diff options
author | Moonchild <moonchild@palemoon.org> | 2020-08-28 06:46:12 +0000 |
---|---|---|
committer | Moonchild <moonchild@palemoon.org> | 2020-08-28 06:46:12 +0000 |
commit | 4358ff62a563938549c79684044cd423e94737c1 (patch) | |
tree | f50b26e17c2ee544decae21f5e6fde58c9eefcfe /modules | |
parent | 6eb0dd86111cc2a7c55dfdc3eeb29a34c52e8035 (diff) | |
download | UXP-4358ff62a563938549c79684044cd423e94737c1.tar UXP-4358ff62a563938549c79684044cd423e94737c1.tar.gz UXP-4358ff62a563938549c79684044cd423e94737c1.tar.lz UXP-4358ff62a563938549c79684044cd423e94737c1.tar.xz UXP-4358ff62a563938549c79684044cd423e94737c1.zip |
[media] Only include source error details in debugging scenarios.
Unless a user is debugging media errors, this detail is unnecessary to report
and could include sensitive data which could be abused by third-party
requesters. This aligns it with the standard success/error paradigms in normal
browsing situations.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/libpref/init/all.js | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js index 2a50d3704..5eed08f86 100644 --- a/modules/libpref/init/all.js +++ b/modules/libpref/init/all.js @@ -5440,3 +5440,11 @@ pref("prompts.authentication_dialog_abuse_limit", 0); // Whether module scripts (<script type="module">) are enabled for content. pref("dom.moduleScripts.enabled", true); +// Report details when a media source error occurs? +// Enabled by default in debug builds, otherwise should be explicitly enabled +// by the user to prevent XO leaking of the response status (CVE-2020-15666) +#ifdef DEBUG +pref("media.sourceErrorDetails.enabled", true); +#else +pref("media.sourceErrorDetails.enabled", false); +#endif |