
Issue 776724

Starred by 1 user

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 3
Type: Feature




Can't prevent CSP reports being sent if I handle the SecurityPolicyViolation event.

Reported by scott.he...@gmail.com, Oct 20 2017

Issue description

Chrome Version: 62.0.3202.62 (Official Build) (64-bit)
OS Version: Windows 10 Pro

What steps will reproduce the problem?
1. Visit a page with a CSP violation and a report-uri specified so a report is sent.
2. Add an event listener for SecurityPolicyViolation events and process the event.
3. You can't prevent the browser sending its own CSP report.

What is the expected result?
You should be able to process the event yourself and stop the browser from sending a report.

What happens instead of that?
The browser always sends its own CSP report.

UserAgentString: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36
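
Step 2 of the report, as an added example that is not part of the original issue or of Chrome's code: a `securitypolicyviolation` listener that builds a body in the `csp-report` JSON shape and drops repeats before sending it to the page's own collector. `COLLECTOR_URL`, the de-duplication rule and the function names are assumptions; as the issue states, the browser still sends its own report to the `report-uri` endpoint.

```javascript
// Added example, not code from the issue. COLLECTOR_URL is a hypothetical
// endpoint operated by the page owner.
const COLLECTOR_URL = "/csp-collector";

// SecurityPolicyViolationEvent property -> key used in report-uri JSON bodies.
const FIELD_MAP = {
  documentURI: "document-uri", referrer: "referrer",
  blockedURI: "blocked-uri", violatedDirective: "violated-directive",
  effectiveDirective: "effective-directive", originalPolicy: "original-policy",
  disposition: "disposition", sourceFile: "source-file",
  lineNumber: "line-number", columnNumber: "column-number",
  statusCode: "status-code", sample: "script-sample",
};

function violationToReport(event) {
  const body = {};
  for (const [prop, key] of Object.entries(FIELD_MAP)) {
    const value = event[prop];
    // Omit fields the event leaves unset; keep numeric 0 (e.g. unknown line).
    if (value !== undefined && value !== null && value !== "") body[key] = value;
  }
  return { "csp-report": body };
}

// Assumed rule: one report per directive/blocked URI/source location per page.
function dedupeKey(report) {
  const r = report["csp-report"];
  return [r["effective-directive"], r["blocked-uri"],
          r["source-file"], r["line-number"]].join("|");
}

// Returns a listener; it returns true when a report was handed to send().
function makeHandler(send, seen = new Set()) {
  return function onViolation(event) {
    const report = violationToReport(event);
    const key = dedupeKey(report);
    if (seen.has(key)) return false;
    seen.add(key);
    send(COLLECTOR_URL, JSON.stringify(report));
    return true;
  };
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== "undefined") {
  document.addEventListener("securitypolicyviolation",
    makeHandler((url, body) => navigator.sendBeacon(url, body)));
}
```

A collector that also receives the browser's `report-uri` reports will see each violation twice unless the two are sent to different endpoints or de-duplicated server-side.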



 

Comment 1 by mkwst@chromium.org, Oct 20 2017

Cc: andypaicu@chromium.org
Components: Blink>SecurityFeature>ContentSecurityPolicy
Labels: -Type-Bug Type-Feature
Status: Available (was: Unconfirmed)
I'd suggest filing a bug against the spec. Chrome does what the spec says, but it doesn't say what you want.

+andypaicu@ for triage.

Comment 2 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 3 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt
