Bug 60402

Summary: Implement "Report-Only" mode for CSP
Product: WebKit Reporter: Adam Barth <abarth>
Component: New BugsAssignee: Adam Barth <abarth>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, eric
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 53572    
Attachments:
Description Flags
Patch
none
Patch none

Description Adam Barth 2011-05-06 14:23:08 PDT
Implement "Report-Only" mode for CSP
Comment 1 Adam Barth 2011-05-06 14:24:41 PDT
Created attachment 92639 [details]
Patch
Comment 2 Eric Seidel (no email) 2011-05-06 16:52:50 PDT
Comment on attachment 92639 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92639&action=review

> Source/WebCore/page/ContentSecurityPolicy.cpp:553
> +    return m_reportOnly;

This is a bit confusing since in the "pass" case, return m_reportOnly would return the inverse of what you wanted.  Maybe this should be some helper function?  I'm not sure the name.  falseIfEnforcingPolicy()?  !enforcingPolicy()?  false || m_reportOnly?  I'm not sure.  This may be fine as is, just smells a little funny.
Comment 3 Adam Barth 2011-05-06 17:08:32 PDT
The "pass" case is handled two lines above.  This return statement is only encountered after we've fired off the violation report.
Comment 4 Adam Barth 2011-05-06 17:09:21 PDT
I can see wrapping it in a function though.

return denyIfEnforcingPolicy();

???
Comment 5 Adam Barth 2011-05-06 17:24:13 PDT
Created attachment 92662 [details]
Patch
Comment 6 Eric Seidel (no email) 2011-05-06 17:46:06 PDT
Comment on attachment 92662 [details]
Patch

LGTM.
Comment 7 Eric Seidel (no email) 2011-05-06 17:46:47 PDT
Of course now it feels like we should have an Allow/Deny enum (mapping to 1, 0 of course). :)
Comment 8 WebKit Commit Bot 2011-05-06 19:13:24 PDT
Comment on attachment 92662 [details]
Patch

Clearing flags on attachment: 92662

Committed r85993: <http://trac.webkit.org/changeset/85993>
Comment 9 WebKit Commit Bot 2011-05-06 19:13:28 PDT
All reviewed patches have been landed.  Closing bug.