Summary: | CSP reports should send an empty 'referrer' rather than nothing. | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Mike West <mkwst> | ||||
Component: | WebCore Misc. | Assignee: | Mike West <mkwst> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | abarth, webkit.review.bot | ||||
Priority: | P2 | Keywords: | WebExposed | ||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
Mike West
2012-09-20 10:32:14 PDT
Created attachment 164942 [details]
Patch
At least one developer found this surprising. *shrug* It's a trivial change, and it's arguably a more explicit description of what's going on. WDYT, Adam? https://twitter.com/adam_baldwin/status/248836426131701760 <-- the thread. Comment on attachment 164942 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=164942&action=review > Source/WebCore/ChangeLog:11 > + Currently, if a protected resource doesn't have a referrer, then any > + Content Security Policy violations send a report that doesn't contain > + a referrer attribute. It's arguably friendlier to developers to include > + an explicitly empty attribute. Yeah, it's also what the spec says to do. :) (In reply to comment #4) > (From update of attachment 164942 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=164942&action=review > > > Source/WebCore/ChangeLog:11 > > + Currently, if a protected resource doesn't have a referrer, then any > > + Content Security Policy violations send a report that doesn't contain > > + a referrer attribute. It's arguably friendlier to developers to include > > + an explicitly empty attribute. > > Yeah, it's also what the spec says to do. :) Specs... ha! Like anyone reads those... Thanks! :) Comment on attachment 164942 [details] Patch Clearing flags on attachment: 164942 Committed r129150: <http://trac.webkit.org/changeset/129150> All reviewed patches have been landed. Closing bug. |