HPKP errors/reports are not displayed in the console or devtools anywhere
Reported by
scott.he...@gmail.com,
Aug 29 2016
|
|||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Steps to reproduce the problem: 1. Generate a HPKP error and note that nothing is shown in the console. To demonstrate this you can visit https://scotthelme.co.uk to get my policy and then https://hpkp.scotthelme.co.uk which violates it to generate the warning page. What is the expected behavior? An error message in the console with details would be handy. What went wrong? There is no error shown in the console. Did this work before? No Chrome version: 52.0.2743.116 Channel: stable OS Version: 10.0 Flash Version: Shockwave Flash 22.0 r0
,
Aug 29 2016
Removing view restriction and marking this as a feature request. Also related to issue 469471 which explains why the plumbing is kinda tricky for this. I don't think it would be all that useful to just display when a violation occurs (after all, the interstitial should make it clear that a violation occurred). But, it might be useful to somehow show in devtools when a report is sent, for developers debugging their reporting setups.
,
Aug 29 2016
Yeah, I was thinking how in CSP you can get some basic info from the console on what went wrong without having reporting enabled. Something similar for HPKP might be useful.
,
Aug 29 2016
,
Aug 29 2016
,
Nov 30 2016
,
Jun 7 2017
Unfortunately, I think we should close this out for now. I definitely see the value, but it would be a fairly large plumbing job to make this happen, and I don't think usage is high enough to justify the effort. HPKP reports can be seen in chrome://net-internals at least. |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by lgar...@chromium.org
, Aug 29 2016