Regressed CSP directives with sources containing capital letters are not applied

Published: | Categories: Privacy & Security


On Firefox 35, Content Security Policy (CSP) directives are not applied properly if the source URLs contain capital letters, like Mozilla developers have found that Firefox’s current CSP implementation is internally decapitalizing source URLs and therefore they don’t match the actual URLs. This issue has been fixed with Firefox 35.0.1.