| Summary: | CSP reports are not sent | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Scott Helme <scotthelme> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED CONFIGURATION CHANGED | | |
| Severity: | Normal | CC: | beidson, bfulgham, bsdkurt, dbates, mkwst, simon.fraser, webkit-bug-importer, wilander |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari 10 | | |
| Hardware: | All | | |
| OS: | All | | |

Description
Scott Helme
2017-06-13 07:56:14 PDT
CCing folks who might be able to triage this for you, Scott.

I am able to reproduce in Safari Version 10.1 (12603.1.24). Using Google Chrome for Mac Version 60.0.3112.24 (Official Build) beta (64-bit) I see that it made 5 requests to https://scotthelme.report-uri.io/r/default/csp/reportOnly of which 4 are marked with status "(canceled)" and one has an HTTP 403 "Forbidden" status code.

Any updates on this yet? I'm still seeing the problem and also hearing it reported more widely. It'd be great to see if there's something that can be done to resolve.

This still seems to be ongoing, any updates?

Just checking in again. Any movement on this?

(In reply to Scott Helme from comment #6)
> Just checking in again. Any movement on this?

I hope to look into this issue next week (09/05), at the latest the week after that. If you want to help expedite progress it would be great to post a reduced test case to this bug. (If you really want to expedite the fix then posting a patch with a layout test would be even better.)

Created attachment 332542
Fixed in Safari TP.

This issue is still present in Safari 11.0.2 (13604.4.7.1.6) but it does appear to be fixed in Safari Technology Preview Release 48 (Safari 11.2, WebKit 13606.1.2.2).

The requests are reported as type 'ping', perhaps that could be clarified and they could be 'csp-report' instead?

I've attached a screenshot of Safari TP sending reports.

(In reply to Scott Helme from comment #9)
> This issue is still present in Safari 11.0.2 (13604.4.7.1.6) but it does
> appear to be fixed in Safari Technology Preview Release 48 (Safari 11.2,
> WebKit 13606.1.2.2).
>
> The requests are reported as type 'ping', perhaps that could be clarified
> and they could be 'csp-report' instead?

Please file a Web Inspector bug with this enhancement request.

(In reply to Scott Helme from comment #8)
> Created attachment 332542
> Fixed in Safari TP.

Various changes were made to the ping loading machinery in WebKit2. Marking Resolved Configuration Changed. When I have a chance, I'll look to find the progression.

This bug appears to be back again.

Scott, can you be more specific? What Safari/STP version did you test in? We see that CSP reports are being sent properly in current software.