Issue 916265 link

Starred by 2 users

Issue metadata

Status:	Available
Owner:	----
Cc:	█ andypaicu@chromium.org hirosh...@chromium.org
Components:	Blink>SecurityFeature>ContentSecurityPolicy
EstimatedDays:	----
NextAction:	----
OS:	----
Pri:	3
Type:	Bug

CSP: report-to accepts multiple endpoints

Project Member Reported by hirosh...@chromium.org, Dec 18

Issue description

https://w3c.github.io/webappsec-csp/#directive-report-to

The directive value of "report-to" is a single token according to the spec, but Blink implementation handles it as if ascii-whitespace-delimited list of tokens.

Found during code investigation for another purpose.
https://chromium-review.googlesource.com/c/chromium/src/+/1379321
Probably the priority is quite low.

Comment 1 by mkwst@chromium.org, Yesterday (44 hours ago)

Status: Available (was: Untriaged)

Yup. Seems like something we should fix, but I agree with the prioritization.

►

Issue 916265 link

Issue metadata

CSP: report-to accepts multiple endpoints

Issue description

Comment 1 by mkwst@chromium.org, Yesterday (44 hours ago)

Comment 1 Deleted

Sign in to add a comment