Closed
Bug 1038973
Opened 10 years ago
Closed 10 years ago
Allow Content-Security-Policy reports to be intercepted by ServiceWorkers
Categories
(Core :: DOM: Workers, defect)
Core
DOM: Workers
Tracking
()
RESOLVED
DUPLICATE
of bug 1147996
People
(Reporter: kuza55, Unassigned)
References
Details
Content Security Policy provides a mechanism for violations to be reported to a URL that has been specified via the report-uri directive. However, the data format that it is sent in is fixed and doesn't give javascript the ability to inspect or massage the data before it is sent to the server. It would be helpful if a ServiceWorker could intercept and examine the request so that we could, e.g. reduce network traffic from known issues such as chrome extensions or send the data back in a more convenient format for the CSP report collector. I talked to nsm about whether this feature was going to be implemented, but was told this sounded like a spec issue, so I filed a spec bug at https://github.com/slightlyoff/ServiceWorker/issues/367 And received some clarification saying that CSP reports should be considered resource requests for the purposes of Service Workers, so it sounds like this is already covered by the spec. I've also received some indication from dveditz that the securitypolicyviolation event that was pointed out to me in that github thread is not likely to be implemented in Firefox (and would have a longer timeline to implemention than ServiceWorker integration anyway).
Blocks: ServiceWorkers
jdm does this already happen? Feel free to bump to v2 if you feel that is more appropriate.
Flags: needinfo?(josh)
Updated•10 years ago
|
Comment 2•10 years ago
|
||
I already fixed this a while ago.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Flags: needinfo?(josh)
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•