Summary: | CSP reports should send an empty "blocked-uri" rather than nothing. | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Mike West <mkwst> | ||||
Component: | New Bugs | Assignee: | Mike West <mkwst> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | abarth, webkit.review.bot | ||||
Priority: | P2 | Keywords: | WebExposed | ||||
Version: | 528+ (Nightly build) | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Attachments: |
|
Description
Mike West
2012-09-20 13:19:12 PDT
Created attachment 164973 [details]
Patch
WDYT, Adam? Comment on attachment 164973 [details]
Patch
Yeah. The spec is slightly vague about what to do here. Would you mind making the 1.1 spec clear that you should send the empty string if there isn't a URL?
(In reply to comment #3) > (From update of attachment 164973 [details]) > Yeah. The spec is slightly vague about what to do here. Would you mind making the 1.1 spec clear that you should send the empty string if there isn't a URL? I wouldn't mind at all. https://dvcs.w3.org/hg/content-security-policy/rev/30fbe5c8e84f Comment on attachment 164973 [details] Patch Clearing flags on attachment: 164973 Committed r129168: <http://trac.webkit.org/changeset/129168> All reviewed patches have been landed. Closing bug. |