[Webkit-unassigned] [Bug 154288] New: CSP: Violation report should include HTTP status code of protected resource

bugzilla-daemon at webkit.org
Tue Feb 16 06:42:37 PST 2016


https://bugs.webkit.org/show_bug.cgi?id=154288

            Bug ID: 154288
           Summary: CSP: Violation report should include HTTP status code
                    of protected resource
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Local Build
          Hardware: All
                OS: All
            Status: NEW
          Keywords: WebExposed
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: dbates at webkit.org
                CC: webkit-bug-importer at group.apple.com

The Content Security Policy violation report should include the HTTP status code of the protected resource as per <https://w3c.github.io/webappsec-csp/2/#violation-reports> (29 August 2015):

[[
4.4. Reporting

...

To generate a violation report object, the user agent MUST use an algorithm equivalent to the following:

Prepare a JSON object violation with the following keys and values:

    blocked-uri
        The originally requested URL of the resource that was prevented from loading, stripped for reporting, or 
        the empty string if the resource has no URL (inline script and inline style, for example).
...
    status-code
        The status-code of the HTTP response that contained the protected resource, if the protected resource was
        obtained over HTTP. Otherwise, the number 0.
...
]]

-- 
You are receiving this mail because:
You are the assignee for the bug.
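
The following is an added example, not part of the bug report or of WebKit's code: a collector-side parser that tells apart a report with no `status-code` key (what a user agent lacking this field would send), the specification's `0` for resources not obtained over HTTP, and a real HTTP status. The function names and sample bodies are constructed for illustration, and the code assumes the `csp-report` wrapper object in which CSP 2 reports are delivered.

```javascript
// Constructed sample bodies (not captured traffic). The first omits
// "status-code", as a user agent without this field would send it.
const SAMPLE_WITHOUT_STATUS = JSON.stringify({
  "csp-report": {
    "document-uri": "https://example.test/page",
    "blocked-uri": "https://cdn.example.test/a.js",
    "violated-directive": "script-src 'self'",
  },
});
const SAMPLE_WITH_STATUS = JSON.stringify({
  "csp-report": {
    "document-uri": "https://example.test/page",
    "blocked-uri": "",
    "violated-directive": "script-src 'self'",
    "status-code": 200,
  },
});

// Classify the status-code member of a violation object (hypothetical helper).
function classifyStatusCode(violation) {
  if (!Object.prototype.hasOwnProperty.call(violation, "status-code")) {
    return { kind: "absent", value: null }; // key missing: not reported at all
  }
  const v = violation["status-code"];
  if (!Number.isInteger(v)) return { kind: "invalid", value: null };
  if (v === 0) return { kind: "non-http", value: 0 }; // spec: not obtained over HTTP
  if (v >= 100 && v <= 599) return { kind: "http", value: v };
  return { kind: "invalid", value: null };
}

// Parse an untrusted report body; malformed input yields an error result
// instead of an exception, since anyone can POST to a report endpoint.
function parseViolationReport(body) {
  let doc;
  try {
    doc = JSON.parse(body);
  } catch (e) {
    return { ok: false, error: "not JSON" };
  }
  const violation = doc !== null && typeof doc === "object" ? doc["csp-report"] : undefined;
  if (violation === null || typeof violation !== "object" || Array.isArray(violation)) {
    return { ok: false, error: "missing csp-report object" };
  }
  const blocked = typeof violation["blocked-uri"] === "string" ? violation["blocked-uri"] : null;
  return { ok: true, blockedUri: blocked, status: classifyStatusCode(violation) };
}
```

Keeping "absent" separate from `0` lets a collector measure which user agents send the field instead of silently treating a missing key as a non-HTTP load.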