Bug 60402 - Implement "Report-Only" mode for CSP
Summary: Implement "Report-Only" mode for CSP
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Adam Barth
URL:
Keywords:
Depends on:
Blocks: 53572
  Show dependency treegraph
 
Reported: 2011-05-06 14:23 PDT by Adam Barth
Modified: 2011-05-06 19:13 PDT (History)
2 users (show)

See Also:


Attachments
Patch (9.11 KB, patch)
2011-05-06 14:24 PDT, Adam Barth
no flags Details | Formatted Diff | Diff
Patch (9.40 KB, patch)
2011-05-06 17:24 PDT, Adam Barth
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Barth 2011-05-06 14:23:08 PDT
Implement "Report-Only" mode for CSP
Comment 1 Adam Barth 2011-05-06 14:24:41 PDT
Created attachment 92639 [details]
Patch
Comment 2 Eric Seidel (no email) 2011-05-06 16:52:50 PDT
Comment on attachment 92639 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92639&action=review

> Source/WebCore/page/ContentSecurityPolicy.cpp:553
> +    return m_reportOnly;

This is a bit confusing since in the "pass" case, return m_reportOnly would return the inverse of what you wanted.  Maybe this should be some helper function?  I'm not sure the name.  falseIfEnforcingPolicy()?  !enforcingPolicy()?  false || m_reportOnly?  I'm not sure.  This may be fine as is, just smells a little funny.
Comment 3 Adam Barth 2011-05-06 17:08:32 PDT
The "pass" case is handled two lines above.  This return statement is only encountered after we've fired off the violation report.
Comment 4 Adam Barth 2011-05-06 17:09:21 PDT
I can see wrapping it in a function though.

return denyIfEnforcingPolicy();

???
Comment 5 Adam Barth 2011-05-06 17:24:13 PDT
Created attachment 92662 [details]
Patch
Comment 6 Eric Seidel (no email) 2011-05-06 17:46:06 PDT
Comment on attachment 92662 [details]
Patch

LGTM.
Comment 7 Eric Seidel (no email) 2011-05-06 17:46:47 PDT
Of course now it feels like we should have an Allow/Deny enum (mapping to 1, 0 of course). :)
Comment 8 WebKit Commit Bot 2011-05-06 19:13:24 PDT
Comment on attachment 92662 [details]
Patch

Clearing flags on attachment: 92662

Committed r85993: <http://trac.webkit.org/changeset/85993>
Comment 9 WebKit Commit Bot 2011-05-06 19:13:28 PDT
All reviewed patches have been landed.  Closing bug.