Open Bug 1024562 Opened 10 years ago Updated 2 years ago

implement local-only violation reporting for CSP violations

Tracking

()

Status:

NEW

People

(Reporter: geekboy, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Sid Stamm [:geekboy or :sstamm]

Reporter

Description

•

10 years ago

Some violation reports in CSP shouldn't go out to servers; in particular, frame-ancestors violations in report-only policies (that are ignored) should still be reported to the console but not transmitted to servers (as per the spec). For example, asyncReportViolation could have another argument, something like "isSensitive" or "isTainted", and the report won't be sent to the network (or a future imaginary csp-violation JS event).

Christoph Kerschbaumer [:ckerschb]

Updated

•

9 years ago

Priority: -- → P2

Whiteboard: [domsecurity-backlog]

Christoph Kerschbaumer [:ckerschb]

Updated

•

8 years ago

Blocks: csp-w3c-3

No longer depends on: CSP

Christoph Kerschbaumer [:ckerschb]

Updated

•

8 years ago

Priority: P2 → P3

Whiteboard: [domsecurity-backlog] → [domsecurity-backlog2]

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

implement local-only violation reporting for CSP violations

Categories

(Core :: DOM: Security, enhancement, P3)

Tracking

()

People

(Reporter: geekboy, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-backlog2])

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Updated

Updated