This is a tracking bug for all open bugs requesting security error logging to the Web Console. Thanks to 837351, we can now log security errors relevant to web developers to a dedicated pane in the Web Console (and simultaneously to the Error Console). We also now have a dedicated security.properties file to use for storing localizable message strings. New security features should use this functionality, and I will create additional bugs to fix any security features that do not currently log to the Web Console but should, or that log to the incorrect pane (previously it was common to overload the JS pane).
In order to have your errors appear in the web console, use the following checklist: 1. Your error messages should be localized strings. If you are reporting from Gecko code, I recommend storing the strings in dom/locales/en-US/chrome/security/security.properties. You can then use the eSECURITY_PROPERTIES enum value to reference it. If you use format string specifiers in your messages, make sure you leave comments explaining them for the localization team! 2. Report an nsIScriptError, either by creating the error object and reporting it to the nsIConsoleService manually, or by using the nsContentUtils::ReportToConsole helper function. 3. Define a category for your errors. We currently use specific strings like "CSP", "CORS", etc. 4. Modify categoryForScriptError() in browser/devtools/webconsole/webconsole.js code so it sorts nsIScriptErrors with this category into the appropriate group (JS, CSS, Security, etc.). Simply add a new case statement with the category of your new errors.