You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, I found out that some browser engines behave differently when a beacon request is blocked by CSP policy (it happens when domain is not specified in connect-src section of the CSP header). As far as I see, the spec does not define what is the "right" value to return in this case: https://www.w3.org/TR/beacon/#return-value
Actual behavior
Safari, Chrome: sendBeacon returns true
Firefox: sendBeacon returns false
Expected behavior
Work consistently across browsers.
ps: I'm not 100% sure if this is the right place to open an issue, but I figured that it would be reasonable to first figure out what behavior is “canonical” in this scenario. I would greatly appreciate any thoughts on this. Thanks!
Hi, I found out that some browser engines behave differently when a beacon request is blocked by CSP policy (it happens when domain is not specified in
connect-src
section of the CSP header). As far as I see, the spec does not define what is the "right" value to return in this case: https://www.w3.org/TR/beacon/#return-valueActual behavior
sendBeacon
returnstrue
sendBeacon
returnsfalse
Expected behavior
Work consistently across browsers.
ps: I'm not 100% sure if this is the right place to open an issue, but I figured that it would be reasonable to first figure out what behavior is “canonical” in this scenario. I would greatly appreciate any thoughts on this. Thanks!
The reproduction is here: https://chernodub.dev/beacon (source code https://github.com/chernodub/chernodub.github.io/blob/main/src/pages/beacon.html)
Steps to reproduce
Try playing with reproduction in different browsers
The text was updated successfully, but these errors were encountered: