Closed Bug 1038973 Opened 10 years ago Closed 9 years ago

Allow Content-Security-Policy reports to be intercepted by ServiceWorkers

Categories

(Core :: DOM: Workers, defect)

Product:
Core
Component:
DOM: Workers
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1147996

People

(Reporter: kuza55, Unassigned)

References

Details

Content Security Policy provides a mechanism for violations to be reported to a URL that has been specified via the report-uri directive.

However, the data format that it is sent in is fixed and doesn't give javascript the ability to inspect or massage the data before it is sent to the server.

It would be helpful if a ServiceWorker could intercept and examine the request so that we could, e.g. reduce network traffic from known issues such as chrome extensions or send the data back in a more convenient format for the CSP report collector.

I talked to nsm about whether this feature was going to be implemented, but was told this sounded like a spec issue, so I filed a spec bug at https://github.com/slightlyoff/ServiceWorker/issues/367

And received some clarification saying that CSP reports should be considered resource requests for the purposes of Service Workers, so it sounds like this is already covered by the spec.

I've also received some indication from dveditz that the securitypolicyviolation event that was pointed out to me in that github thread is not likely to be implemented in Firefox (and would have a longer timeline to implemention than ServiceWorker integration anyway).
Blocks: ServiceWorkers
jdm does this already happen? Feel free to bump to v2 if you feel that is more appropriate.
Blocks: ServiceWorkers-v1
No longer blocks: ServiceWorkers
Flags: needinfo?(josh)
I already fixed this a while ago.
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Flags: needinfo?(josh)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.