[Webkit-unassigned] [Bug 154288] New: CSP: Violation report should include HTTP status code of protected resource
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 16 06:42:37 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=154288
Bug ID: 154288
Summary: CSP: Violation report should include HTTP status code
of protected resource
Classification: Unclassified
Product: WebKit
Version: WebKit Local Build
Hardware: All
OS: All
Status: NEW
Keywords: WebExposed
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: dbates at webkit.org
CC: webkit-bug-importer at group.apple.com
The Content Security Policy violation report should include the HTTP status code of the protected resource as per <https://w3c.github.io/webappsec-csp/2/#violation-reports> (29 August 2015):
[[
4.4. Reporting
...
To generate a violation report object, the user agent MUST use an algorithm equivalent to the following:
Prepare a JSON object violation with the following keys and values:
blocked-uri
The originally requested URL of the resource that was prevented from loading, stripped for reporting, or
the empty string if the resource has no URL (inline script and inline style, for example).
...
status-code
The status-code of the HTTP response that contained the protected resource, if the protected resource was
obtained over HTTP. Otherwise, the number 0.
...
]]
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160216/2a24d3e8/attachment.html>
More information about the webkit-unassigned
mailing list