
Issue 646021

Issue metadata

Status: Fixed
Owner:
Buried. Ping if important.
Closed: Nov 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Feature



Extend SecurityPolicyViolationEvent to include policy disposition

Reported by shek...@gmail.com, Sep 12 2016

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36

Steps to reproduce the problem:
Creating this issue to track my change for SecurityPolicyViolationEvent.
A change to the Content Security Policy specification [1] introduces a `disposition` property on the event.

What is the expected behavior?
Implement `disposition` property on SecurityPolicyViolationEvent. 

What went wrong?
Cannot open bugs without going through this template.

Did this work before? N/A 

Chrome version: 52.0.2743.116  Channel: n/a
OS Version: OS X 10.11.6
Flash Version: Shockwave Flash 22.0 r0

Please assign this to me, CC mkwst@chromium.org
 

Comment 1 by shek...@gmail.com, Sep 12 2016

Component can be set to Blink>SecurityFeature
Components: Blink>SecurityFeature
Owner: mkwst@chromium.org
Status: Assigned (was: Unconfirmed)
Assigning to mkwst@ and tagging Blink>SecurityFeature per OP.

Comment 3 by bugdroid1@chromium.org, Oct 14 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ce907c889943d12088f498aff2f2a9cc29420613

commit ce907c889943d12088f498aff2f2a9cc29420613
Author: shekyan <shekyan@gmail.com>
Date: Fri Oct 14 19:49:27 2016

Add `disposition` to SecurityPolicyViolationEvent

Recently, Content Security Policy specification introduced disposition
of violation [1]. This change extends the SecurityPolicyViolationEvent with
a `disposition` property that indicates the disposition of the violated policy.
Property value is a read-only string that corresponds to the policy
disposition [2], and can be either "enforce" or "report".

[1] https://w3c.github.io/webappsec-csp/#violation-disposition
[2] https://w3c.github.io/webappsec-csp/#policy-disposition

Intent to Ship - https://groups.google.com/a/chromium.org/d/topic/blink-dev/ip4dmVNr15Y/discussion

BUG= 646021 
R=mkwst@chromium.org

Review-Url: https://codereview.chromium.org/2331213002
Cr-Commit-Position: refs/heads/master@{#425438}

[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/android_webview/tools/system_webview_shell/test/data/webexposed/global-interface-listing-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/fast/events/constructors/security-policy-violation-event-constructor-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/fast/events/constructors/security-policy-violation-event-constructor.html
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/report-uri-effective-directive-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-allowed-in-report-only-mode-and-sends-report-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/eval-blocked-and-sends-report-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-and-enforce-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-data-uri-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-file-uri-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-cross-origin-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-blocked-uri-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-cross-origin-no-cookies-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-only-from-header-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-same-origin-with-cookies-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-child-frame-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-inline-javascript-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-from-javascript-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-multiple-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-multiple-reversed-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-multiple.php
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/report-uri-scheme-relative-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-basics-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-basics.html
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image-from-script.html
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-cross-origin-image.html
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-from-script-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image-from-script.html
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/securitypolicyviolation/securitypolicyviolation-block-image.html
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-blocked.https.html
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/http/tests/security/mixedContent/strict-mode-image-reportonly.https.php
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/virtual/stable/webexposed/global-interface-listing-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/LayoutTests/webexposed/global-interface-listing-expected.txt
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/Source/core/events/BUILD.gn
[add] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/Source/core/events/SecurityPolicyViolationEvent.cpp
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/Source/core/events/SecurityPolicyViolationEvent.h
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/Source/core/events/SecurityPolicyViolationEvent.idl
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/Source/core/events/SecurityPolicyViolationEventInit.idl
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/ce907c889943d12088f498aff2f2a9cc29420613/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
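
Added example, not part of the original issue or the Chromium change: one way a page can use the `disposition` property described in the commit message to separate violations blocked by an enforced policy from those only flagged by a report-only policy. The function name `triageViolations`, the result field names and the sample events are assumptions made for illustration; `effectiveDirective` and `blockedURI` are existing SecurityPolicyViolationEvent properties.

```javascript
// Added example: split CSP violations by the `disposition` property.
const DISPOSITIONS = ["enforce", "report"]; // the two values named in the commit message

// Accepts SecurityPolicyViolationEvent objects (or plain objects of the same shape).
function triageViolations(events) {
  const seen = { enforce: new Set(), report: new Set() };
  let unknown = 0;
  for (const e of events) {
    if (!DISPOSITIONS.includes(e.disposition)) {
      unknown += 1; // e.g. a browser build that predates this property
      continue;
    }
    // Deduplicate on directive + blocked resource so repeats do not inflate the list.
    seen[e.disposition].add(`${e.effectiveDirective} ${e.blockedURI}`);
  }
  return {
    blocked: [...seen.enforce].sort(),   // stopped by an enforced policy
    wouldBlock: [...seen.report].sort(), // allowed, but flagged by a report-only policy
    unknown,
  };
}

// Constructed sample events (hypothetical, not captured from a real page).
const SAMPLE_EVENTS = [
  { disposition: "enforce", effectiveDirective: "img-src", blockedURI: "http://cdn.example/a.png" },
  { disposition: "report", effectiveDirective: "script-src", blockedURI: "https://widgets.example/w.js" },
  { disposition: "report", effectiveDirective: "script-src", blockedURI: "https://widgets.example/w.js" },
  { effectiveDirective: "style-src", blockedURI: "inline" }, // no disposition property
];

if (typeof document !== "undefined") {
  // In a browser, feed live events into the same function.
  const live = [];
  document.addEventListener("securitypolicyviolation", (e) => {
    live.push(e);
    console.log(triageViolations(live));
  });
} else {
  console.log(triageViolations(SAMPLE_EVENTS));
}
```

The `wouldBlock` list is the set of resources that would stop loading if the report-only policy were promoted to an enforced one.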

Comment 4 by mkwst@chromium.org, Nov 15 2016

Status: Fixed (was: Assigned)