Bug 244143 - [Reporting API] Hook up to Content-Security-Policy 'report-to' directive
Summary: [Reporting API] Hook up to Content-Security-Policy 'report-to' directive
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on: 243908
Blocks: 189365
  Show dependency treegraph
 
Reported: 2022-08-19 15:15 PDT by Brent Fulgham
Modified: 2022-08-30 18:35 PDT (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Brent Fulgham 2022-08-19 15:15:18 PDT 
Implement the stubs from Bug 243908 so that we can generate Reporting API reports for Content Security Policy rules.

This patch does the following:

1. Adds support for the "Reporting-Endpoints" header.
2. Exposes a Reporting object on Document and WorkerGlobalScope that can handle reports.
3. Implements a CSSViolationReportBody class (and JS binding)
4. Update the ContentSecurityPolicy implementation to generate a CSSViolationReportBody when the CSP directives include a report-to declaration.
5. Revises the CSP implementation to construct the JSON report body to match the new specification.
Comment 1 Radar WebKit Bug Importer 2022-08-19 15:15:54 PDT 
<rdar://problem/98900892>
Comment 4 Brent Fulgham 2022-08-24 09:31:38 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/3613
Comment 5 EWS 2022-08-30 17:14:55 PDT 
Committed 253966@main (42f5a93823a7): <https://commits.webkit.org/253966@main>

Reviewed commits have been landed. Closing PR #3613 and removing active labels.
Comment 6 felipe 2022-08-30 18:34:51 PDT 
Thanks
Comment 7 Brent Fulgham 2022-08-30 18:35:40 PDT 
(In reply to felipe from comment #6)
> Thanks

There’s still much to do, but we’re getting there!