Bug 60402 - Implement "Report-Only" mode for CSP
Status: RESOLVED FIXED
: WebKit
New Bugs
: 528+ (Nightly build)
: Unspecified Unspecified
: P2 Normal
: 53572
Reported: 2011-05-06 14:23 PST by
Modified: 2011-05-06 19:13 PST (History)


Attachments
Patch (9.11 KB, patch)
2011-05-06 14:24 PST, Adam Barth
Patch (9.40 KB, patch)
2011-05-06 17:24 PST, Adam Barth


Description From 2011-05-06 14:23:08 PST
Implement "Report-Only" mode for CSP
------- Comment #1 From 2011-05-06 14:24:41 PST -------
Created an attachment (id=92639) [details]
Patch
------- Comment #2 From 2011-05-06 16:52:50 PST -------
(From update of attachment 92639 [details])
View in context: https://bugs.webkit.org/attachment.cgi?id=92639&action=review

> Source/WebCore/page/ContentSecurityPolicy.cpp:553
> +    return m_reportOnly;
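
Review bot: the added `return m_reportOnly;` at ContentSecurityPolicy.cpp:553 hands back a mode flag where the function's result is read as a verdict, and the line carries no comment saying which value means the load is allowed. A short comment on this line, or a named helper that states the verdict in its name, would keep a later edit from inverting the enforcement decision by accident.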

This is a bit confusing since in the "pass" case, return m_reportOnly would return the inverse of what you wanted.  Maybe this should be some helper function?  I'm not sure the name.  falseIfEnforcingPolicy()?  !enforcingPolicy()?  false || m_reportOnly?  I'm not sure.  This may be fine as is, just smells a little funny.
------- Comment #3 From 2011-05-06 17:08:32 PST -------
The "pass" case is handled two lines above.  This return statement is only encountered after we've fired off the violation report.
------- Comment #4 From 2011-05-06 17:09:21 PST -------
I can see wrapping it in a function though.

return denyIfEnforcingPolicy();

???
------- Comment #5 From 2011-05-06 17:24:13 PST -------
Created an attachment (id=92662) [details]
Patch
------- Comment #6 From 2011-05-06 17:46:06 PST -------
(From update of attachment 92662 [details])
LGTM.
------- Comment #7 From 2011-05-06 17:46:47 PST -------
Of course now it feels like we should have an Allow/Deny enum (mapping to 1, 0 of course). :)
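
The control flow discussed in comments #2 through #7, as an added C++ sketch that is not the WebKit patch. Only the names m_reportOnly and denyIfEnforcingPolicy() come from the thread; the class, the source list, the report store and the sample origins are hypothetical.

```cpp
// Added illustration, not WebKit source. m_reportOnly and
// denyIfEnforcingPolicy come from the thread; everything else is hypothetical.
#include <iostream>
#include <string>
#include <utility>
#include <vector>

enum class Verdict { Deny = 0, Allow = 1 }; // the Allow/Deny enum floated in comment #7

class PolicySketch {
public:
    PolicySketch(std::vector<std::string> allowedSources, bool reportOnly)
        : m_allowedSources(std::move(allowedSources)), m_reportOnly(reportOnly) {}

    // Decide whether a load from `source` may proceed.
    Verdict checkSource(const std::string& source) {
        for (const auto& allowed : m_allowedSources) {
            if (allowed == source)
                return Verdict::Allow; // "pass" case: returns before any report
        }
        m_reports.push_back(source); // violation recorded in both modes
        return denyIfEnforcingPolicy(); // reached only after reporting
    }

    const std::vector<std::string>& reports() const { return m_reports; }

private:
    // Report-only: the violating load still goes ahead. Enforcing: it is blocked.
    Verdict denyIfEnforcingPolicy() const {
        return m_reportOnly ? Verdict::Allow : Verdict::Deny;
    }

    std::vector<std::string> m_allowedSources;
    bool m_reportOnly;
    std::vector<std::string> m_reports; // stands in for sending a violation report
};

int main() {
    // Constructed sample origins.
    for (bool reportOnly : {false, true}) {
        PolicySketch policy({"https://static.example"}, reportOnly);
        Verdict v = policy.checkSource("https://other.example");
        std::cout << (reportOnly ? "report-only" : "enforcing") << ": "
                  << (v == Verdict::Allow ? "allowed" : "denied") << ", reports="
                  << policy.reports().size() << "\n";
    }
    return 0;
}
```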
------- Comment #8 From 2011-05-06 19:13:24 PST -------
(From update of attachment 92662 [details])
Clearing flags on attachment: 92662

Committed r85993: <http://trac.webkit.org/changeset/85993>
------- Comment #9 From 2011-05-06 19:13:28 PST -------
All reviewed patches have been landed.  Closing bug.