[Webkit-unassigned] [Bug 194392] New: Service Worker should see CSP violation reports

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 7 08:15:52 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=194392

            Bug ID: 194392
           Summary: Service Worker should see CSP violation reports
           Product: WebKit
           Version: Safari 12
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Service Workers
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cvazac at gmail.com

Step 3.4.2.3 here[0] omits the `service-workers mode`[1] enum, which defaults to `"all"`. This means that Service-Worker *should* get fetch events for CSP violation reports[2].

You can see a demo here[3]. When it's working, you will see this in the document:
Caught POST for https://84daacff2fb387fdf02f89b0fce73ef3.report-uri.com/r/d/csp/enforce)
{"csp-report":{"document-uri":"https://vaz.ac/dev/csp/sw/index.html","referrer":"","violated-directive":"script-src-elem","effective-directive":"script-src-elem","original-policy":"default-src 'self' 'unsafe-inline'; report-uri https://84daacff2fb387fdf02f89b0fce73ef3.report-uri.com/r/d/csp/enforce","disposition":"enforce","blocked-uri":"https://ak.vaz.ac/dev/csp/sw/index.js","line-number":23,"column-number":23,"source-file":"https://vaz.ac/dev/csp/sw/index.html","status-code":0,"script-sample":""}}

[0] https://w3c.github.io/webappsec-csp/#report-violation
[1] https://fetch.spec.whatwg.org/#request-service-workers-mode
[2] https://github.com/w3c/webappsec-csp/issues/383
[3] https://vaz.ac/dev/csp/sw/index.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
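
Added example (not part of the bug report, the reporter's demo, or WebKit's code): a service worker fetch handler that recognizes a CSP violation report POST and summarizes its body, which is the behaviour the report asks for. It assumes reports are delivered with Content-Type application/csp-report, as report-uri deliveries are; the function names and the sample body are constructed for illustration.

```javascript
// True when a request looks like a CSP violation report delivery.
function isCspReportRequest(method, contentType) {
  if (method !== 'POST' || typeof contentType !== 'string') return false;
  return contentType.split(';')[0].trim().toLowerCase() === 'application/csp-report';
}

// Parse a report body and keep the fields useful for triage.
// Returns null for anything that is not a well-formed "csp-report" object.
function summarizeCspReport(bodyText) {
  let parsed;
  try { parsed = JSON.parse(bodyText); } catch (e) { return null; }
  const r = parsed && parsed['csp-report'];
  if (!r || typeof r !== 'object') return null;
  return {
    documentUri: String(r['document-uri'] || ''),
    directive: String(r['effective-directive'] || r['violated-directive'] || ''),
    blockedUri: String(r['blocked-uri'] || ''),
    disposition: String(r['disposition'] || ''),
    location: `${r['source-file'] || ''}:${r['line-number'] || 0}:${r['column-number'] || 0}`,
  };
}

// Constructed sample body; the example.test hosts are placeholders.
const SAMPLE_BODY = JSON.stringify({ 'csp-report': {
  'document-uri': 'https://app.example.test/index.html',
  'effective-directive': 'script-src-elem',
  'blocked-uri': 'https://cdn.example.test/index.js',
  'disposition': 'enforce',
  'source-file': 'https://app.example.test/index.html',
  'line-number': 23, 'column-number': 23,
} });

// Register the listener only inside a real service worker, so the helpers
// above can also be loaded and exercised in other JavaScript runtimes.
if (typeof ServiceWorkerGlobalScope !== 'undefined' && self instanceof ServiceWorkerGlobalScope) {
  self.addEventListener('fetch', (event) => {
    const req = event.request;
    if (!isCspReportRequest(req.method, req.headers.get('content-type'))) return;
    // Read a clone and never call respondWith(), so the original report
    // still goes to the network and reaches its endpoint unchanged.
    event.waitUntil(req.clone().text().then((body) => {
      const summary = summarizeCspReport(body);
      if (summary) console.log('CSP report seen by service worker', req.url, summary);
    }));
  });
}
```

In an engine that does not route report requests through the service worker, the listener simply never fires for them.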