Permissions Policy Reporting and Report-Only mode #909
Comments
|
Ian, do you have examples of how permission violation reports are generated? I glimpsed some existing supported features and didn't find they had any violation report. @clelland |
|
https://wpt.fyi/results/permissions-policy/reporting?label=master&label=experimental&aligned is probably the best set of examples I can find. As a sample, something like fullscreen reporting includes a header like this: Permissions-Policy: fullscreen=()The header itself is there so that this can be done in a single frame. It would be equally valid to do this in a subframe, like <iframe allow="fullscreen 'none'" src="https://web-platform.test:8000/the-actual-test.html"></iframe>"(Although note that in that case, only the subframe would receive reports; the parent frame cannot see reports generated from its children.) The test then registers a reporting observer and attempts to use fullscreen mode. In this case, the reporting observer intercepts the report (it could also have been sent in JSON format to a reporting endpoint, as with any other Reporting API reports). The report itself looks like this: { "type": "permissions-policy-violation",
"url": "https://web-platform.test:8000/permissions-policy/reporting/fullscreen-reporting.html",
"body": {
"featureId": "fullscreen",
"sourceFile": "https://web-platform.test:8000/permissions-policy/reporting/fullscreen-reporting.html",
"lineNumber": 40,
"columnNumber": 50,
"disposition": "enforce"
}
} |
Request for Mozilla Position on an Emerging Web Specification
@-mention GitHub accounts): @clellandOther information
Permissions Policy (née Feature Policy) has a positive MSP here, as does the Reporting API. This review request is for the integration of the two, so that policy violations (and potential violations) can trigger reports.
The text was updated successfully, but these errors were encountered: