Bug 154288 - CSP: Violation report should include HTTP status code and effective-directive of protected resource
Summary: CSP: Violation report should include HTTP status code and effective-directive...
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Local Build
Hardware: All All
: P2 Normal
Assignee: Daniel Bates
Keywords: InRadar, WebExposed
: 115707 (view as bug list)
Depends on: 154307
  Show dependency treegraph
Reported: 2016-02-16 06:42 PST by Daniel Bates
Modified: 2016-02-21 11:45 PST (History)
5 users (show)

See Also:

Patch and Layout Tests (42.11 KB, patch)
2016-02-18 12:01 PST, Daniel Bates
bfulgham: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Bates 2016-02-16 06:42:37 PST
The Content Security Policy violation report should include the HTTP status code of the protected resource as per <https://w3c.github.io/webappsec-csp/2/#violation-reports> (29 August 2015):

4.4. Reporting


To generate a violation report object, the user agent MUST use an algorithm equivalent to the following:

Prepare a JSON object violation with the following keys and values:

        The originally requested URL of the resource that was prevented from loading, stripped for reporting, or 
        the empty string if the resource has no URL (inline script and inline style, for example).
        The status-code of the HTTP response that contained the protected resource, if the protected resource was
        obtained over HTTP. Otherwise, the number 0.
Comment 1 Radar WebKit Bug Importer 2016-02-16 06:42:55 PST
Comment 2 Daniel Bates 2016-02-18 10:53:28 PST
We should also include the effective-directive key in the violation report.
Comment 3 Daniel Bates 2016-02-18 12:01:45 PST
Created attachment 271679 [details]
Patch and Layout Tests

This patch will fail to apply because it depends on changes to file LayoutTests/TestExpectations made in the patch for bug #154307.
Comment 4 Brent Fulgham 2016-02-18 17:46:11 PST
Comment on attachment 271679 [details]
Patch and Layout Tests

Comment 5 Brent Fulgham 2016-02-18 17:47:42 PST
*** Bug 115707 has been marked as a duplicate of this bug. ***
Comment 6 Daniel Bates 2016-02-21 11:45:46 PST
Committed r196876: <http://trac.webkit.org/changeset/196876>