|Summary:||Implement "Report-Only" mode for CSP|
|Product:||WebKit||Reporter:||Adam Barth <abarth>|
|Component:||New Bugs||Assignee:||Adam Barth <abarth>|
|Version:||528+ (Nightly build)|
|Bug Depends on:|
Description Adam Barth 2011-05-06 14:23:08 PDT
Implement "Report-Only" mode for CSP
Comment 2 Eric Seidel (no email) 2011-05-06 16:52:50 PDT
Comment on attachment 92639 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=92639&action=review > Source/WebCore/page/ContentSecurityPolicy.cpp:553 > + return m_reportOnly; This is a bit confusing since in the "pass" case, return m_reportOnly would return the inverse of what you wanted. Maybe this should be some helper function? I'm not sure the name. falseIfEnforcingPolicy()? !enforcingPolicy()? false || m_reportOnly? I'm not sure. This may be fine as is, just smells a little funny.
Comment 3 Adam Barth 2011-05-06 17:08:32 PDT
The "pass" case is handled two lines above. This return statement is only encountered after we've fired off the violation report.
Comment 4 Adam Barth 2011-05-06 17:09:21 PDT
I can see wrapping it in a function though. return denyIfEnforcingPolicy(); ???
Comment 6 Eric Seidel (no email) 2011-05-06 17:46:06 PDT
Comment on attachment 92662 [details] Patch LGTM.
Comment 7 Eric Seidel (no email) 2011-05-06 17:46:47 PDT
Of course now it feels like we should have an Allow/Deny enum (mapping to 1, 0 of course). :)
Comment 8 WebKit Commit Bot 2011-05-06 19:13:24 PDT
Comment on attachment 92662 [details] Patch Clearing flags on attachment: 92662 Committed r85993: <http://trac.webkit.org/changeset/85993>
Comment 9 WebKit Commit Bot 2011-05-06 19:13:28 PDT
All reviewed patches have been landed. Closing bug.