Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
feat: enable reporting api #18255
Description of Change
Notes: Enabled the W3C Reporting API.
deepak1556 left a comment
https://bugs.chromium.org/p/chromium/issues/detail?id=704259 is the implementation bug, based on it.
If we only want to read reports this looks good, any reason not to add support for sending reports
Also if we want to provide a way to clear reporting cache , we can extend
I haven't fully thought through the implications of enabling the reporting API by default with no option to disable it in apps. At first blush I don't think there's an issue (if you're loading a website with headers you don't control, then you're probably going to be running JS you don't control also...) but I haven't thought through all the potential ways it could be dangerous.
Adding @electron/wg-security for their thoughts.
Isn't it still behind a feature flag ? Can't apps disable it via
Not sure either, but the reporting types clearly seems harmless https://w3c.github.io/reporting/#report-types . If apps are loading remote content not they control, then they should be running in a sandboxed environment, also they still have the ability to control headers via the
Ah yeah, I hadn't considered the
In that case, I think I'll go ahead and merge this. We can add configuration options and permissions requests / filtering handlers in a followup. Until then, apps can disable the feature if they want.