Bug 97256

Summary:

CSP reports should send an empty "blocked-uri" rather than nothing.

Product:

WebKit

Reporter:

Mike West <mkwst>

Component:

New Bugs

Assignee:

Mike West <mkwst>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, webkit.review.bot

Priority:

Keywords:

WebExposed

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none

Description Mike West 2012-09-20 13:19:12 PDT

CSP reports should send an empty "blocked-uri" rather than nothing.

Comment 1 Mike West 2012-09-20 13:33:59 PDT

Created attachment 164973 [details]
Patch

Comment 2 Mike West 2012-09-20 13:40:45 PDT

WDYT, Adam?

Comment 3 Adam Barth 2012-09-20 13:45:56 PDT

Comment on attachment 164973 [details]
Patch

Yeah.  The spec is slightly vague about what to do here.  Would you mind making the 1.1 spec clear that you should send the empty string if there isn't a URL?

Comment 4 Mike West 2012-09-20 14:18:32 PDT

(In reply to comment #3)
> (From update of attachment 164973 [details])
> Yeah.  The spec is slightly vague about what to do here.  Would you mind making the 1.1 spec clear that you should send the empty string if there isn't a URL?

I wouldn't mind at all. https://dvcs.w3.org/hg/content-security-policy/rev/30fbe5c8e84f

Comment 5 WebKit Review Bot 2012-09-20 14:24:49 PDT

Comment on attachment 164973 [details]
Patch

Clearing flags on attachment: 164973

Committed r129168: <http://trac.webkit.org/changeset/129168>

Comment 6 WebKit Review Bot 2012-09-20 14:24:52 PDT

All reviewed patches have been landed.  Closing bug.