Closed Bug 1302962 Opened 8 years ago Closed 7 years ago

CSP: Implement SecurityPolicyViolationEvent

Categories

(Core :: DOM: Security, defect, P3)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1037335

People

(Reporter: ckerschb, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog1])

Blocks: csp-w3c-3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
I'd suggest that y'all take a look at this sooner rather than later; not only is this helpful to developers who wish to diagnose CSP issues, they're necessary for interop testing.

Without the event, web platform tests have to hit a server-side endpoint after waiting long enough for a report to probably have been sent. They're flaky and slow. The tests we're writing for new features (and plan to upstream) rely heavily on the event. See https://github.com/w3c/web-platform-tests/pull/4020 for example. Until y'all have this event implemented, it's going to be pretty tough for us to verify Chrome's behavior against Firefox's. 

Perhaps this is something small that could sneak onto Q4's roadmap?
Following on from Mike's comment above it'd be really useful to see this implemented. 

The adoption of CSP is increasing at a pretty impressive rate and the ability to interact with these events on the client side would be enormously useful.
Christoph: is this different than bug 1037335? Looks like a dupe, and the older one has been getting some traction.
Flags: needinfo?(ckerschb)
That is a dupe. Chung Sheng started working on Security Policy Violation events over in Bug 1037335.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(ckerschb)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.