Starred by 5 users
Status: Started
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 2
Type: Task

Blocked on:
issue 676016



Hotlists containing this issue:
EnamelAndFriendsFixIt


CSP: `report-to` directive.
Project Member Reported by mkwst@chromium.org, May 26 2017
The `report-to` directive wires CSP violation reports up to the Reporting API (https://wicg.github.io/reporting/), and deprecates the existing `report-uri` directive.
 
Labels: -OS-Fuchsia
Project Member Comment 2 by bugdroid1@chromium.org, Jul 10
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/fae14c9c5320d1e0b0672cf67c98bbdcf92318af

commit fae14c9c5320d1e0b0672cf67c98bbdcf92318af
Author: Andy Paicu <andypaicu@chromium.org>
Date: Mon Jul 10 12:38:34 2017

Add use counter that tracks whether multiple report endpoints are used

In order to help make a decision if the new reporting api should support
multiple endpoints, I've added a use counter to see how frequently the
current report-uri directive is used with multiple reporting endpoints.
Spec: https://wicg.github.io/reporting/

Bug: 726634
Change-Id: I47353b559a2f57a022b2a5300ea5e2cdb88e0677
Reviewed-on: https://chromium-review.googlesource.com/563378
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#485243}
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/third_party/WebKit/public/platform/web_feature.mojom
[modify] https://crrev.com/fae14c9c5320d1e0b0672cf67c98bbdcf92318af/tools/metrics/histograms/enums.xml

Project Member Comment 3 by bugdroid1@chromium.org, Aug 1
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9aad7f8d6f6b48250730367506518c2941d6773d

commit 9aad7f8d6f6b48250730367506518c2941d6773d
Author: Andy Paicu <andypaicu@chromium.org>
Date: Tue Aug 01 13:54:26 2017

Allowed parsing reporting endpoints through the `report-to` directive

This patch adds functionality to parse the `report-to` csp directive
It does not actually do any reporting
It does not update the content layer csp version
Spec: https://wicg.github.io/reporting/

Bug: 726634
Change-Id: I31546a56a18504684fc292ce76973ae6fab50fec
Reviewed-on: https://chromium-review.googlesource.com/563210
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#490978}
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/WebLocalFrameImpl.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveList.h
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/CSPDirectiveListTest.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[modify] https://crrev.com/9aad7f8d6f6b48250730367506518c2941d6773d/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Cc: mkwst@chromium.org
Status: Started
Labels: migrated-launch-owp Type-Task
This issue has been automatically relabelled type=task because type=launch-owp issues are now officially deprecated. The deprecation is because they were creating confusion about how to get launch approvals, which should be instead done via type=launch issues.

We recommend this issue be used for implementation tracking (for public visibility), but if you already have an issue for that, you may mark this as duplicate.

For more details see here: https://docs.google.com/document/d/1JA6RohjtZQc26bTrGoIE_bSXGXUDQz8vc6G0n_sZJ2o/edit

For any questions, please contact owencm, sshruthi, larforge
Project Member Comment 6 by bugdroid1@chromium.org, Oct 27
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/acb9f5c81a34715a0ae420d9d67449092ca965ad

commit acb9f5c81a34715a0ae420d9d67449092ca965ad
Author: Andy Paicu <andypaicu@chromium.org>
Date: Fri Oct 27 06:49:40 2017

Implemented the report-to functionality for webkit-residing csp

The reporting api can now be used to send csp reports
Did not yet implement the content csp version of this change.
spec: https://wicg.github.io/reporting/

Bug: 726634
Change-Id: Icd5cc5699d31d0300e2bcfc6f72b636e855679ea
Reviewed-on: https://chromium-review.googlesource.com/629083
Commit-Queue: Andy Paicu <andypaicu@chromium.org>
Reviewed-by: Julia Tuttle <juliatuttle@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512107}
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/content/browser/net/reporting_service_proxy.cc
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/content/public/app/mojo/content_browser_manifest.json
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/content/shell/browser/shell_url_request_context_getter.cc
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/VirtualTestSuites
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-doesnt-send-reports-without-violation.https.sub.html
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-doesnt-send-reports-without-violation.https.sub.html.sub.headers
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-report-only-sends-reports-on-violation.https.sub.html
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-report-only-sends-reports-on-violation.https.sub.html.sub.headers
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-1.https.sub.html
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-1.https.sub.html.sub.headers
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-2.https.sub.html
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-report-to-overrides-report-uri-2.https.sub.html.sub.headers
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-sends-reports-on-violation.https.sub.html
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/reporting-api-sends-reports-on-violation.https.sub.html.sub.headers
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/reporting/securitypolicyviolation-idl.html
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/external/wpt/content-security-policy/support/checkReport.sub.js
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/LayoutTests/virtual/reporting/external/wpt/content-security-policy/reporting/README.txt
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.cpp
[add] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/Source/platform/weborigin/ReportingServiceProxyPtrHolder.h
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/Tools/Scripts/webkitpy/layout_tests/port/base.py
[modify] https://crrev.com/acb9f5c81a34715a0ae420d9d67449092ca965ad/third_party/WebKit/public/platform/reporting.mojom

Labels: Hotlist-EnamelAndFriendsFixIt
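
The precedence between `report-to` and `report-uri` that this issue tracks, as an added example (not Chromium's code and not part of the comments above): a JavaScript check that resolves where a browser implementing `report-to` would deliver violation reports for a given pair of response headers. The function names, header values and the `reports.example` endpoint are constructed for illustration.

```javascript
// Added example, not Chromium code; header values are constructed samples.
// CSP directive names are case-insensitive; a repeated directive is ignored.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!directives.has(key)) directives.set(key, values);
  }
  return directives;
}

// Report-To carries one or more comma-separated JSON objects, one per group.
function parseReportTo(header) {
  const groups = new Map();
  if (!header) return groups;
  let entries;
  try { entries = JSON.parse(`[${header}]`); } catch { return groups; }
  for (const e of entries) {
    if (!e || !Array.isArray(e.endpoints)) continue;
    const urls = e.endpoints.map((ep) => ep && ep.url).filter((u) => typeof u === 'string');
    groups.set(e.group || 'default', urls); // group name defaults to "default"
  }
  return groups;
}

// Where a browser implementing `report-to` delivers violation reports.
function resolveReporting(headers) {
  const csp = parseCsp(headers['content-security-policy'] || '');
  const groups = parseReportTo(headers['report-to']);
  if (csp.has('report-to')) {
    // report-to wins; an unknown group name leaves no endpoint at all.
    const group = csp.get('report-to')[0];
    return { via: 'report-to', group, endpoints: groups.get(group) || [],
             ignoredReportUri: csp.has('report-uri') };
  }
  if (csp.has('report-uri')) {
    return { via: 'report-uri', endpoints: csp.get('report-uri'), ignoredReportUri: false };
  }
  return { via: 'none', endpoints: [], ignoredReportUri: false };
}

const sample = {
  'content-security-policy': "script-src 'self'; report-uri /legacy-csp; report-to csp-endpoint",
  'report-to': '{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://reports.example/csp"}]}',
};
console.log(resolveReporting(sample));
```

A result with `via: 'report-to'` and an empty `endpoints` array flags a policy whose group name does not match any `Report-To` group, so violation reports would be dropped; keeping `report-uri` alongside still covers browsers that do not implement `report-to`.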