CSP: Implement SecurityPolicyViolationEvent

RESOLVED DUPLICATE of bug 1037335

Status

()

Core
DOM: Security
P3
normal
RESOLVED DUPLICATE of bug 1037335
a year ago
a month ago

People

(Reporter: ckerschb, Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [domsecurity-backlog1])

https://www.w3.org/TR/CSP3/#violation-events
(Reporter)

Updated

a year ago
Blocks: 1231788
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Keywords: dev-doc-needed

Comment 1

a year ago
I'd suggest that y'all take a look at this sooner rather than later; not only is this helpful to developers who wish to diagnose CSP issues, they're necessary for interop testing.

Without the event, web platform tests have to hit a server-side endpoint after waiting long enough for a report to probably have been sent. They're flaky and slow. The tests we're writing for new features (and plan to upstream) rely heavily on the event. See https://github.com/w3c/web-platform-tests/pull/4020 for example. Until y'all have this event implemented, it's going to be pretty tough for us to verify Chrome's behavior against Firefox's. 

Perhaps this is something small that could sneak onto Q4's roadmap?

Comment 2

2 months ago
Following on from Mike's comment above it'd be really useful to see this implemented. 

The adoption of CSP is increasing at a pretty impressive rate and the ability to interact with these events on the client side would be enormously useful.

Updated

2 months ago
See Also: → bug 1376949
Christoph: is this different than bug 1037335? Looks like a dupe, and the older one has been getting some traction.
Flags: needinfo?(ckerschb)
(Reporter)

Comment 4

2 months ago
That is a dupe. Chung Sheng started working on Security Policy Violation events over in Bug 1037335.
Status: NEW → RESOLVED
Last Resolved: 2 months ago
Flags: needinfo?(ckerschb)
Resolution: --- → DUPLICATE
Duplicate of bug: 1037335
Keywords: dev-doc-needed
You need to log in before you can comment on or make changes to this bug.