Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Starred by 5 users
Status: Started
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, Chrome, Mac
Pri: 2
Type: Task

Blocked on:
issue 676016



Sign in to add a comment
CSP: `report-to` directive.
Project Member Reported by mkwst@chromium.org, May 26 Back to list
The `report-to` directive wires CSP violation reports up to the Reporting API (https://wicg.github.io/reporting/), and deprecates the existing `report-uri` directive.
 
Labels: -OS-Fuchsia
Project Member Comment 2 by bugdroid1@chromium.org, Jul 10
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fae14c9c5320d1e0b0672cf67c98bbdcf92318af

commit fae14c9c5320d1e0b0672cf67c98bbdcf92318af
Author: Andy Paicu <andypaicu@chromium.org>
Date: Mon Jul 10 12:38:34 2017

Add use counter that tracks whether multiple report endpoints are used

In order to help make a decision if the new reporting api should support
multiple endpoints, I've added an use counter to see how frequently the
current report-uri directive is used with multiple reporting endpoints
Spec: https://wicg.github.io/reporting/

Bug: 726634
Change-Id: I47353b559a2f57a022b2a5300ea5e2cdb88e0677
Reviewed-on: https://chromium-review.googlesource.com/563378
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#485243}
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/third_party/WebKit/public/platform/web_feature.mojom
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/tools/metrics/histograms/enums.xml

Project Member Comment 3 by bugdroid1@chromium.org, Aug 1
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9aad7f8d6f6b48250730367506518c2941d6773d

commit 9aad7f8d6f6b48250730367506518c2941d6773d
Author: Andy Paicu <andypaicu@chromium.org>
Date: Tue Aug 01 13:54:26 2017

Allowed parsing reporting endpoints through the `report-to` directive

This patch adds functionality to parse the `report-to` csp directive
It does not actually do any reporting
It does not update the content layer csp version
Spec: https://wicg.github.io/reporting/

Bug: 726634
Change-Id: I31546a56a18504684fc292ce76973ae6fab50fec
Reviewed-on: https://chromium-review.googlesource.com/563210
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490978}
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/WebLocalFrameImpl.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Cc: mkwst@chromium.org
Status: Started
Labels: migrated-launch-owp Type-Task
This issue has been automatically relabelled type=task because type=launch-owp issues are now officially deprecated. The deprecation is because they were creating confusion about how to get launch approvals, which should be instead done via type=launch issues.

We recommend this issue be used for implementation tracking (for public visibility), but if you already have an issue for that, you may mark this as duplicate.

For more details see here: https://docs.google.com/document/d/1JA6RohjtZQc26bTrGoIE_bSXGXUDQz8vc6G0n_sZJ2o/edit

For any questions, please contact owencm, sshruthi, larforge
Sign in to add a comment