Add [Learn more] for CSPViolation message and point to MDN docs

NEW
Unassigned

Status

()

Core
DOM: Security
P3
normal
a year ago
a year ago

People

(Reporter: fscholz, Unassigned)

Tracking

(Blocks: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [domsecurity-backlog1])

(Reporter)

Description

a year ago
The CSPViolation error that is thrown seems to be quite complicated [1] for web developers. Let's add a [Learn more] link pointing to MDN for this which has been very successful for JS errors [2].

Following up on bug 1296027 comment 10

> 2) If we set the errorMessageName field on these errors and modified the
> errordocs actor with a doc link we could have a 'learn more' link show up to
> point to MDN: https://dxr.mozilla.org/mozilla-central/source/devtools/server/actors/errordocs.js.  
> Florian (cc'ed) has been working on this for other errors and it could be a nice enhancement.


Looks like there are two kinds of messages here which could both point to the same MDN doc:

CSPViolation = The page’s settings blocked the loading of a resource: %1$S
CSPViolationWithURI = The page’s settings blocked the loading of a resource at %2$S (“%1$S”).

We are making progress on MDN to document HTTP and CSP, but at this point there is no dedicated page for this error yet. However, I will happily help to write up a page for this, if anyone wants to implement a [Learn more] link to the console now.

[1] bug 1267389, bug 1279894, bug 1296027
[2] https://hacks.mozilla.org/2016/06/helping-web-developers-with-javascript-errors/
Sounds reasonable to me - putting in the backlog. It's already blocking the right Bug where we track CSP console message improvements (Bug 1242016).
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
You need to log in before you can comment on or make changes to this bug.