CSP error message in console needs updating
Reported by scott.he...@gmail.com, Jan 11 2018
Issue description

Chrome Version: 63.0.3239.132
OS Version: 10.0

What steps will reproduce the problem?
1. Deploy a Content-Security-Policy-Report-Only on a page with no report-uri specified.
2. An error message is placed in the console.

What is the expected result?
No error message should be shown as we can now listen for and handle reports with the SecurityPolicyViolation event interface: https://www.w3.org/TR/CSP2/#securitypolicyviolationevent-interface

What happens instead of that?
The following error message is shown:
The Content Security Policy 'default-src 'none'' was delivered in report-only mode, but does not specify a 'report-uri'; the policy will have no effect. Please either add a 'report-uri' directive, or deliver the policy via the 'Content-Security-Policy' header.

UserAgentString: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
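The approach the report refers to, handling violations of a report-only policy in page script instead of through report-uri, could look like the following. This is an added example, not part of the original report or of Chromium's code; collectCspViolations, its options and the sink callback are hypothetical names.

```javascript
// Added example: collect CSP violations from script, with no report-uri.
// Fields of SecurityPolicyViolationEvent: the CSP2 set plus 'disposition' (CSP3).
const REPORT_FIELDS = [
  'documentURI', 'referrer', 'blockedURI', 'violatedDirective',
  'effectiveDirective', 'originalPolicy', 'sourceFile',
  'lineNumber', 'columnNumber', 'statusCode', 'disposition',
];

// Copy only the known fields so the report is a plain, serialisable object.
function toReport(event) {
  const report = {};
  for (const field of REPORT_FIELDS) {
    if (event[field] !== undefined) report[field] = event[field];
  }
  return report;
}

// Hypothetical helper: forwards each distinct violation to sink(report).
// Returns a function that detaches the listener.
function collectCspViolations(target, sink, options = {}) {
  const { skipEnforced = true, maxReports = 50 } = options;
  const seen = new Set();
  const listener = (event) => {
    // Report-Only policies set disposition to "report". Engines that only
    // implement the CSP2 interface leave it undefined, so only an explicit
    // "enforce" is filtered out.
    if (skipEnforced && event.disposition === 'enforce') return;
    const report = toReport(event);
    // One blocked resource can fire many events; dedupe and cap the volume.
    const key = [
      report.effectiveDirective || report.violatedDirective,
      report.blockedURI, report.sourceFile, report.lineNumber,
    ].join('|');
    if (seen.has(key) || seen.size >= maxReports) return;
    seen.add(key);
    sink(report);
  };
  target.addEventListener('securitypolicyviolation', listener);
  return () => target.removeEventListener('securitypolicyviolation', listener);
}

// In a page: violations bubble up to the document.
if (typeof document !== 'undefined') {
  collectCspViolations(document, (r) => console.log('CSP violation', r));
}
```
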
Jan 12 2018
scott.helme@ - Thanks for filing the issue...!! Could you please provide a sample test file/url to test the issue from TE-end. This will help us in triaging the issue further. Thanks...!!
Jan 12 2018
Here we go: https://scotthelme.co.uk/bug-801198/ Let me know when you have enough info and I can delete the page, thanks!
Jan 12 2018
Thank you for providing more feedback. Adding requester "krajshree@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Jan 16 2018
Discussing this in https://github.com/w3c/webappsec-csp/issues/277.
Comment 1 by krajshree@chromium.org, Jan 11 2018