154288 – CSP: Violation report should include HTTP status code and effective-directive of protected resource

RESOLVED FIXED 154288

CSP: Violation report should include HTTP status code and effective-directive of protected resource

https://bugs.webkit.org/show_bug.cgi?id=154288

Summary CSP: Violation report should include HTTP status code and effective-directive...

Daniel Bates

Reported 2016-02-16 06:42:37 PST

The Content Security Policy violation report should include the HTTP status code of the protected resource as per <https://w3c.github.io/webappsec-csp/2/#violation-reports> (29 August 2015): [[ 4.4. Reporting ... To generate a violation report object, the user agent MUST use an algorithm equivalent to the following: Prepare a JSON object violation with the following keys and values: blocked-uri The originally requested URL of the resource that was prevented from loading, stripped for reporting, or the empty string if the resource has no URL (inline script and inline style, for example). ... status-code The status-code of the HTTP response that contained the protected resource, if the protected resource was obtained over HTTP. Otherwise, the number 0. ... ]]

Attachments
Patch and Layout Tests (42.11 KB, patch) 2016-02-18 12:01 PST, Daniel Bates	bfulgham: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2016-02-16 06:42:55 PST

<rdar://problem/24674982>

Daniel Bates

Comment 2 2016-02-18 10:53:28 PST

We should also include the effective-directive key in the violation report.

Daniel Bates

Comment 3 2016-02-18 12:01:45 PST

Created attachment 271679 [details] Patch and Layout Tests This patch will fail to apply because it depends on changes to file LayoutTests/TestExpectations made in the patch for bug #154307.

Brent Fulgham

Comment 4 2016-02-18 17:46:11 PST

Comment on attachment 271679 [details] Patch and Layout Tests r=me.

Brent Fulgham

Comment 5 2016-02-18 17:47:42 PST

*** Bug 115707 has been marked as a duplicate of this bug. ***

Daniel Bates

Comment 6 2016-02-21 11:45:46 PST

Committed r196876: <http://trac.webkit.org/changeset/196876>

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Local Build

Hardware All

OS All

Product WebKit

Component WebCore Misc.

Assignee

Daniel Bates

Reported

2016-02-16 06:42 PST

Modified

2016-02-21 11:45 PST History

CC List

5 users Show

URL

Keywords InRadar, WebExposed

Duplicates (1)

115707 View as bug list

Depends on

154307

Blocks

Dependencies

tree graph