Closed Bug 1896344 Opened 1 year ago Closed 1 year ago

Add `CSPViolationData` to reflect the spec more clearly

Categories

(Core :: DOM: Security, enhancement)

Product:
Core
Component:
DOM: Security
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
129 Branch
Tracking Flags:
Tracking Status
firefox129 --- fixed

People

(Reporter: mbrodesser, Assigned: mbrodesser)

References

(Blocks 1 open bug)

Details

(Whiteboard: [domsecurity-active])

Attachments

(7 files)

Bug 1896344: part 1) Add `CSPViolationData` struct with `mViolatedPolicyIndex`. r=tschuster
48 bytes, text/x-phabricator-request
Details | Review
Bug 1896344: part 2) Add `mResource` to `CSPViolationData`. r=tschuster
48 bytes, text/x-phabricator-request
Details | Review
Bug 1896344: part 3) Add line- and column-numbers to `CSPViolationData`. r=tschuster
48 bytes, text/x-phabricator-request
Details | Review
Bug 1896344: part 4) Move script-sample to `CSPViolationData`. r=tschuster
48 bytes, text/x-phabricator-request
Details | Review
Bug 1896344: part 5) Move source file to `CSPViolationData`. r=tschuster
48 bytes, text/x-phabricator-request
Details | Review
Bug 1896344: part 6) Move the element which triggered the violation to `CSPViolationData`. r=tschuster
48 bytes, text/x-phabricator-request
Details | Review
Bug 1896344: part 7) Move effective directive to `CSPViolationData`. r=tschuster
48 bytes, text/x-phabricator-request
Details | Review

Currently, the data a violation (https://w3c.github.io/webappsec-csp/#violation) contains is spread over multiple variables, mixed with other data and passed to CSPReportSenderRunnable (https://searchfox.org/mozilla-central/rev/ee2ad260c25310a9fbf96031de05bbc0e94394cc/dom/security/nsCSPContext.cpp#1378).

This is confusing, when creating a new violation.

Closer to the spec.

Other members will be added in separate patches. Initializing
CSPViolationData will be propagated up to
nsCSPContext::AsyncReportViolation in other patches too.

The struct is suffixed with Data, because of
https://searchfox.org/mozilla-central/rev/729361e481cf63c8d2b5617a6ff589f53e302520/dom/workers/remoteworkers/RemoteWorkerTypes.ipdlh#118.

Whiteboard: [domsecurity-active]
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/9de9a0cafcf3 part 1) Add `CSPViolationData` struct with `mViolatedPolicyIndex`. r=tschuster https://hg.mozilla.org/integration/autoland/rev/76f8cba96569 part 2) Add `mResource` to `CSPViolationData`. r=tschuster https://hg.mozilla.org/integration/autoland/rev/630c85c0c7e4 apply code formatting via Lando
Attachment #9406937 - Attachment description: Bug 1896344: part 4) Move script-sample to `CSPViolationData`. r=tschuster → Bug 1896344: part 4) Move script-sample to `CSPViolationData`. r=tschuster
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/5d0a99740b88 part 3) Add line- and column-numbers to `CSPViolationData`. r=tschuster https://hg.mozilla.org/integration/autoland/rev/6863b8134c9f part 4) Move script-sample to `CSPViolationData`. r=tschuster
Pushed by mbrodesser@igalia.com: https://hg.mozilla.org/integration/autoland/rev/b829c66ee57f part 5) Move source file to `CSPViolationData`. r=tschuster https://hg.mozilla.org/integration/autoland/rev/0b77c4e26e2f part 6) Move the element which triggered the violation to `CSPViolationData`. r=tschuster https://hg.mozilla.org/integration/autoland/rev/cbcfc1175b1d part 7) Move effective directive to `CSPViolationData`. r=tschuster https://hg.mozilla.org/integration/autoland/rev/89cc9109f716 apply code formatting via Lando
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
status-firefox129: --- → fixed
Target Milestone: --- → 129 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: