Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Starred by 2 users
Status: Assigned
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, Chrome, Mac
Pri: 2
Type: Launch-OWP
Launch-Accessibility: ----
Launch-Legal: ----
Launch-M-Approved: ----
Launch-M-Target: ----
Launch-Privacy: ----
Launch-Security: ----
Launch-Status: ----
Launch-Test: ----
Launch-UI: ----
Product-Review: ----

Blocked on:
issue 676016



Sign in to add a comment
CSP: `report-to` directive.
Project Member Reported by mkwst@chromium.org, May 26 Back to list
The `report-to` directive wires CSP violation reports up to the Reporting API (https://wicg.github.io/reporting/), and deprecates the existing `report-uri` directive.
 
Labels: -OS-Fuchsia
Project Member Comment 2 by bugdroid1@chromium.org, Jul 10
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fae14c9c5320d1e0b0672cf67c98bbdcf92318af

commit fae14c9c5320d1e0b0672cf67c98bbdcf92318af
Author: Andy Paicu <andypaicu@chromium.org>
Date: Mon Jul 10 12:38:34 2017

Add use counter that tracks whether multiple report endpoints are used

In order to help make a decision if the new reporting api should support
multiple endpoints, I've added an use counter to see how frequently the
current report-uri directive is used with multiple reporting endpoints
Spec: https://wicg.github.io/reporting/

Bug: 726634
Change-Id: I47353b559a2f57a022b2a5300ea5e2cdb88e0677
Reviewed-on: https://chromium-review.googlesource.com/563378
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#485243}
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/third_party/WebKit/public/platform/web_feature.mojom
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/tools/metrics/histograms/enums.xml

Project Member Comment 3 by bugdroid1@chromium.org, Aug 1
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9aad7f8d6f6b48250730367506518c2941d6773d

commit 9aad7f8d6f6b48250730367506518c2941d6773d
Author: Andy Paicu <andypaicu@chromium.org>
Date: Tue Aug 01 13:54:26 2017

Allowed parsing reporting endpoints through the `report-to` directive

This patch adds functionality to parse the `report-to` csp directive
It does not actually do any reporting
It does not update the content layer csp version
Spec: https://wicg.github.io/reporting/

Bug: 726634
Change-Id: I31546a56a18504684fc292ce76973ae6fab50fec
Reviewed-on: https://chromium-review.googlesource.com/563210
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490978}
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/WebLocalFrameImpl.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Sign in to add a comment