XSS Auditor violation reports are no longer sent cross-origin
Reported by scott.he...@gmail.com, Feb 28 2018
Issue description

Chrome Version: 64.0.3282.186
OS Version: All

As a result of https://bugs.chromium.org/p/chromium/issues/detail?id=807304 any XSS auditor report that is sent cross-origin will be blocked. The fix was for a bug raised over 3 years ago, I'm not entirely sure it's valid, but has resulted in a useful feature being disabled: https://bugs.chromium.org/p/chromium/issues/detail?id=441275

We were in the process of testing a new capability on https://report-uri.com to collect XSS auditor reports for our customers and this change broke that and introduced errors in the consoles on websites using it. It's also worth noting that youtube.com and t.co use cross-origin XSS auditor reporting along with other sites.

It'd be great if we could enable cross-origin reports again!
Mar 1 2018
Hey, please could you give me view/access permission to the linked bug? Cheers.
Comment 1 by elawrence@chromium.org, Feb 28 2018
Components: Blink>SecurityFeature>XSSAuditor
Labels: -Type-Bug -Pri-3 FoundIn-64 OS-Android OS-Chrome OS-Fuchsia OS-Linux OS-Windows Pri-2 Type-Bug-Regression
Status: Untriaged (was: Unconfirmed)
Summary: XSS Auditor violation reports are no longer sent cross-origin (was: XSS auditor reports are not sent cross-origin)