mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-03-02 14:30:43 +00:00
freyalaluna
Updated Content Security Policy reporting to align with current W3C reporting standards. Reporting now supports the usage of the report-to directive, which utilizes a client's response header field to determine where a report should be sent upon a content security policy violation occurring. Unlike the previous report-uri directive, which parsed endpoint URIs directly from the response header, report-to utilizes endpoint groups to store the URIs that will receive the report. This patch handles the reception of a CSP violation, creation of a report from said violation, and report delivery, while the parsing of the endpoint URIs is handled by D193461. While the deprecated report-uri directive remains supported, it is now only used for reporting if a client does not specify a report-to header.

Differential Revision: https://phabricator.services.mozilla.com/D197480
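The selection between report-to and report-uri described in the commit message can be checked against a site's own headers with a small script. This is an added example, not code from the Gecko patch: the function names and example.com URLs are constructed, and it assumes that endpoint groups are defined in a W3C `Reporting-Endpoints` response header and that a report-to directive naming an undefined group yields no delivery rather than a fallback to report-uri.

```javascript
// Added example: a simplified model of the selection logic, not Gecko code.

// Parse one Content-Security-Policy value into Map(directive -> values).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // The first occurrence of a duplicated directive wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Assumption: endpoint groups come from a Reporting-Endpoints header.
// Simplified parser: handles only name="url" members.
function parseReportingEndpoints(header) {
  const endpoints = new Map();
  const member = /([a-z*][a-z0-9_.*-]*)\s*=\s*"([^"]*)"/g;
  for (const m of (header || '').matchAll(member)) endpoints.set(m[1], m[2]);
  return endpoints;
}

// Decide where a violation report for this response would be sent.
function resolveReportTargets(cspValue, reportingEndpointsValue) {
  const csp = parseCsp(cspValue);
  const endpoints = parseReportingEndpoints(reportingEndpointsValue);
  const warnings = [];
  if (csp.has('report-to')) {
    if (csp.has('report-uri')) warnings.push('report-uri present but unused');
    const group = csp.get('report-to')[0];
    const url = group === undefined ? undefined : endpoints.get(group);
    if (url === undefined) {
      warnings.push(`report-to group "${group}" is not defined`);
      return { mechanism: 'report-to', urls: [], warnings };
    }
    return { mechanism: 'report-to', urls: [url], warnings };
  }
  if (csp.has('report-uri')) {
    return { mechanism: 'report-uri', urls: csp.get('report-uri'), warnings };
  }
  return { mechanism: 'none', urls: [], warnings };
}

// Constructed sample headers.
const SAMPLE_ENDPOINTS = 'csp-endpoint="https://reports.example.com/csp"';
const SAMPLE_CSP =
  "default-src 'self'; report-uri /legacy-csp; report-to csp-endpoint";
console.log(resolveReportTargets(SAMPLE_CSP, SAMPLE_ENDPOINTS));
```

A result with `mechanism: 'report-to'` and an empty `urls` array marks a policy whose violation reports would go nowhere, which is worth catching before the legacy report-uri collector is retired.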