CSP reports should send an empty "blocked-uri" rather than nothing.
Created attachment 164973 [details] Patch
WDYT, Adam?
Comment on attachment 164973 [details] Patch Yeah. The spec is slightly vague about what to do here. Would you mind making the 1.1 spec clear that you should send the empty string if there isn't a URL?
(In reply to comment #3) > (From update of attachment 164973 [details]) > Yeah. The spec is slightly vague about what to do here. Would you mind making the 1.1 spec clear that you should send the empty string if there isn't a URL? I wouldn't mind at all. https://dvcs.w3.org/hg/content-security-policy/rev/30fbe5c8e84f
Comment on attachment 164973 [details] Patch Clearing flags on attachment: 164973 Committed r129168: <http://trac.webkit.org/changeset/129168>
All reviewed patches have been landed. Closing bug.