Bug 235602

Summary:

CSP: Clean up effective-violation handling in reports

Product:

WebKit

Reporter:

Patrick Griffis <pgriffis>

Component:

WebCore Misc.

Assignee:

Patrick Griffis <pgriffis>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

ews-watchlist, katherine_cheney, mkwst, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch	none
Patch for landing	ews-feeder: commit-queue-

Description Patrick Griffis 2022-01-25 12:31:38 PST

CSP: Clean up effective-violation handling in reports

Comment 1 Patrick Griffis 2022-01-25 12:32:30 PST Comment hidden (obsolete)

Created attachment 449953 [details]
Patch

Comment 2 Patrick Griffis 2022-01-25 12:57:36 PST Comment hidden (obsolete)

Created attachment 449959 [details]
Patch

Comment 3 Patrick Griffis 2022-01-26 08:41:59 PST Comment hidden (obsolete)

Created attachment 450024 [details]
Patch

Comment 4 Patrick Griffis 2022-01-27 07:07:47 PST Comment hidden (obsolete)

Created attachment 450133 [details]
Patch

Comment 5 Patrick Griffis 2022-01-27 07:36:11 PST Comment hidden (obsolete)

Created attachment 450135 [details]
Patch

Comment 6 Patrick Griffis 2022-01-27 07:38:05 PST

Created attachment 450136 [details]
Patch

Comment 7 Kate Cheney 2022-01-27 08:50:11 PST

Comment on attachment 450136 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=450136&action=review

r=me once EWS is happy.

> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:74
> +    // Normalize script-src and style-src for logs as its generally what developers use

nit: missing a period at the end of this comment.

> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:75
> +    if (violatedDirective.nameForReporting().startsWith(ContentSecurityPolicyDirectiveNames::scriptSrc))

you could remove the else statements and have fewer lines of code if you do something like:

String name = violatedDirective.nameForReporting();
if (violatedDirective.nameForReporting().startsWith(ContentSecurityPolicyDirectiveNames::scriptSrc))
    name = ContentSecurityPolicyDirectiveNames::scriptSrc;
if (violatedDirective.nameForReporting().startsWith(ContentSecurityPolicyDirectiveNames::styleSrc))
    name = ContentSecurityPolicyDirectiveNames::styleSrc;

> Source/WebCore/page/csp/ContentSecurityPolicy.cpp:809
> +    violationEventInit.violatedDirective = effectiveViolatedDirective; // Historical alias to effectiveDirective: https://www.w3.org/TR/CSP3/#violation-events

nit: comment is missing a period.

Comment 8 Patrick Griffis 2022-01-27 09:07:33 PST Comment hidden (obsolete)

Created attachment 450145 [details]
Patch

Comment 9 Patrick Griffis 2022-01-27 09:11:31 PST

Created attachment 450146 [details]
Patch for landing

Comment 10 EWS 2022-01-27 10:15:12 PST

Committed r288678 (246484@main): <https://commits.webkit.org/246484@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 450146 [details].

Comment 11 Radar WebKit Bug Importer 2022-01-27 10:16:39 PST

<rdar://problem/88140258>