Open Bug 1391243 Opened 7 years ago Updated 14 days ago

CSP: Implement report-to

Categories

(Core :: DOM: Core & HTML, enhancement, P3)

Product:
Core
Component:
DOM: Core & HTML
Type:
enhancement

Tracking

()

Status:
ASSIGNED

People

(Reporter: ckerschb, Assigned: freya.laluna, Mentored)

References

(Blocks 2 open bugs)

Details

(Whiteboard: [domsecurity-backlog1])

Attachments

(2 files)

Bug 1391243 - Implementing Report-To Directive
48 bytes, text/x-phabricator-request
Details | Review
Bug 1391243 - Revised ReportDeliver Notify Method
48 bytes, text/x-phabricator-request
Details | Review
Blocks: csp-w3c-3
Priority: -- → P3
Whiteboard: [domsecurity-backlog1]
Blocks: 1631237
Severity: normal → S3

issue still open since 6+ years blocking consensus for transition report-uri -> report-to.
see: https://w3c.github.io/webappsec-csp/#directive-report-uri

Component: DOM: Security → DOM: Core & HTML

Updated report processing to include support for
report-to directive. Currently supports report-building
and sending through nsCSPContext::SendReports.

Duplicate of this bug: 1873034
Mentor: sefeng
Assignee: nobody → freya.laluna
Status: NEW → ASSIGNED

Changed how ReportDeliver::Notify is dispatched from ReportDeliver::AppendReportData. Now, instead of relying on a predetermined timer to call Notify, it is dispatched to the current thread queue in a Runnable.
Additionally changed credentials mode to RequestCredentials::Same_origin in ReportDeliver::SendReports to align with W3C reporting specifications,

Attachment #9370668 - Attachment description: WIP: Bug 1391243 - Implementing Report-To Directive → Bug 1391243 - Implementing Report-To Directive
Attachment #9387944 - Attachment description: WIP: Bug 1391243 - Revised ReportDeliver Notify Method → Bug 1391243 - Revised ReportDeliver Notify Method
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: