
Issue 916265

Starred by 2 users

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug




CSP: report-to accepts multiple endpoints

Project Member Reported by hirosh...@chromium.org, Dec 18

Issue description

https://w3c.github.io/webappsec-csp/#directive-report-to

The directive value of "report-to" is a single token according to the spec, but the Blink implementation handles it as if it were an ASCII-whitespace-delimited list of tokens.

Found during code investigation for another purpose.
https://chromium-review.googlesource.com/c/chromium/src/+/1379321
Probably the priority is quite low.
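
A policy linter that flags `report-to` values on which the two readings described above diverge. This is an added example, not code from this issue or from Chromium; `parsePolicy` and `lintReportTo` are hypothetical names, and the sample policies are constructed.

```javascript
// Added example (not Chromium code): lint the report-to directive of a
// serialized Content-Security-Policy value.
// RFC 7230 "token" characters, the grammar the spec gives for the value.
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
const ASCII_WS = /[\t\n\f\r ]+/;

// Split a serialized policy into name -> value tokens.
// Names are lowercased; a repeated directive name keeps its first occurrence.
function parsePolicy(serialized) {
  const directives = new Map();
  for (const part of serialized.split(";")) {
    const tokens = part.split(ASCII_WS).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// conformant:  the value is exactly one token, as the spec grammar requires.
// strict:      the single token, or null when the value is not conformant.
// listReading: the value read as a whitespace-delimited list, which is the
//              behaviour this issue reports for Blink.
function lintReportTo(serialized) {
  const values = parsePolicy(serialized).get("report-to");
  if (values === undefined) {
    return { present: false, conformant: true, strict: null, listReading: [] };
  }
  const conformant = values.length === 1 && TOKEN.test(values[0]);
  return {
    present: true,
    conformant,
    strict: conformant ? values[0] : null,
    listReading: values,
  };
}

// Constructed sample policies.
const samples = [
  "default-src 'self'; report-to csp-endpoint",
  "default-src 'self'; report-to group-a group-b",
];
for (const policy of samples) {
  console.log(policy, "=>", JSON.stringify(lintReportTo(policy)));
}
```

A policy reported as non-conformant is one whose reports may be delivered differently by an implementation that follows the single-token grammar and one that reads a list.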
 

Comment 1 by mkwst@chromium.org, Yesterday (44 hours ago)

Status: Available (was: Untriaged)
Yup. Seems like something we should fix, but I agree with the prioritization.
