mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-27 14:52:16 +00:00
da762ea8c3
Updated Content Security Policy reporting to align with current W3C reporting standards. Reporting now supports the usage of the report-to directive, which utilizes a client's response header field to determine where a report should be sent upon a content security policy violation occurring. Unlike the previous report-uri directive, which parsed endpoint URIs directly from the response header, report-to utilizes endpoint groups to store the URIs that will receive the report. This patch handles the reception of a CSP violation, creation of a report from said violation, and report delivery, while the parsing of the endpoint URIs are handled by D193461. While the deprecated report-uri directive remains supported, it is now only used for reporting if a client does not specify a report- to header. Differential Revision: https://phabricator.services.mozilla.com/D197480 |
||
|---|---|---|
| .. | ||
| en-US | ||
| jar.mn | ||
| moz.build | ||