A number of our CSP violations omit useful details like source files and line numbers:

  this->AsyncReportViolation(aURI,
                             nullptr, /* originalURI in case of redirect */
                             violatedDirective,
                             i, /* policy index */
                             EmptyString(), /* no observer subject */
                             EmptyString(), /* no source file */
                             EmptyString(), /* no script sample */
                             0); /* no line number */

Source: https://mxr.mozilla.org/mozilla-central/source/dom/security/nsCSPContext.cpp#1110

We should fill those in as much as possible.
Severity: normal → enhancement
Priority: -- → P4
Assignee: nobody → francois
Component: Security → DOM: Security
Local logging -- yay! Be careful if we are going to include this information in CSP reports, because we've had some Same-Origin violation bugs for giving too much to a potentially hostile reporting site.
2 years ago
Assignee: francois → nobody