Deprecate 'report-uri'. Drop 'reports'. 'report-to' is the new hotness.

w3c · Dec 4, 2015 · 90528dd · 90528dd
1 parent d142199
commit 90528dd
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 39 deletions.
diff --git a/index.html b/index.html
@@ -1211,11 +1211,7 @@ <h2 class="no-num no-toc no-ref heading settled" id="contents"><span class="cont
         <li><a href="#directive-report-uri"><span class="secno">6.3.1</span> <span class="content"><code>report-uri</code></span></a>
         <li><a href="#directive-report-to"><span class="secno">6.3.2</span> <span class="content"><code>report-to</code></span></a>
        </ul>
-      <li>
-       <a href="#directives-elsewhere"><span class="secno">6.4</span> <span class="content"> Directives Defined in Other Documents </span></a>
-       <ul class="toc">
-        <li><a href="#directive-report"><span class="secno">6.4.1</span> <span class="content"><code>reports</code></span></a>
-       </ul>
+      <li><a href="#directives-elsewhere"><span class="secno">6.4</span> <span class="content"> Directives Defined in Other Documents </span></a>
      </ul>
     <li>
      <a href="#security-considerations"><span class="secno">7</span> <span class="content">Security Considerations</span></a>
@@ -1336,6 +1332,8 @@ <h3 class="heading settled" data-level="1.3" id="changes-from-level-2"><span cla
   to the resources such a context can load) have moved out into a separate <a data-link-type="biblio" href="#biblio-csp-document">[CSP-DOCUMENT]</a> module. This includes <code>base-uri</code>, <code>form-action</code>, <code>frame-ancestors</code>, <code>plugin-types</code>, <code>sandbox</code>.</p>
      <li data-md="">
       <p>The <code>manifest-src</code> directive has been added.</p>
+     <li data-md="">
+      <p>The <code>report-uri</code> directive is deprecated in favor of the new <code>report-to</code> directive, which relies on <a data-link-type="biblio" href="#biblio-oob-reporting">[OOB-REPORTING]</a> as infrastructure.</p>
     </ol>
     <h3 class="heading settled" data-level="1.4" id="open-questions"><span class="secno">1.4. </span><span class="content">Open Questions</span><a class="self-link" href="#open-questions"></a></h3>
     <ol>
@@ -1356,9 +1354,6 @@ <h3 class="heading settled" data-level="1.4" id="open-questions"><span class="se
   risk by using the original URL of a blocked resource; there shouldn’t
   be anything in the report JSON that script can’t gather on its own by
   walking the DOM.</p>
-       <li data-md="">
-        <p>Sketching out a reporting framework at <a href="http://mikewest.github.io/error-reporting/">http://mikewest.github.io/error-reporting/</a> that we should probably use to resolve some of the issues with
-  reporting in CSP2.</p>
       </ol>
     </ol>
    </section>
@@ -3180,15 +3175,6 @@ <h3 class="heading settled" data-level="6.4" id="directives-elsewhere"><span cla
     <p>New directives SHOULD use the <a data-link-type="dfn" href="#pre-request-check">pre-request check</a>, <a data-link-type="dfn" href="#post-request-check">post-request check</a>, <a data-link-type="dfn" href="#response-check">response
   check</a>, and <a data-link-type="dfn" href="#initialization">initialization</a> hooks in order to
   integrate themselves into Fetch and HTML.</p>
-    <h4 class="heading settled" data-level="6.4.1" id="directive-report"><span class="secno">6.4.1. </span><span class="content"><code>reports</code></span><a class="self-link" href="#directive-report"></a></h4>
-    <p>The <dfn data-dfn-type="dfn" data-noexport="" id="reports">reports<a class="self-link" href="#reports"></a></dfn> directive defines the endpoint to which violation
-  reports are sent. The syntax for the directive’s name and
-  value is described by the following ABNF:</p>
-<pre>directive-name  = "reports"
-directive-value = &lt;URL> ; TODO: Figure out what to use here.
-</pre>
-    <p class="issue" id="issue-30789e18"><a class="self-link" href="#issue-30789e18"></a> Finish stubbing out <a href="https://mikewest.github.io/error-reporting/">Not Just Error
-  Reporting</a> with Ilya so we can integrate that work here.</p>
    </section>
    <section>
     <h2 class="heading settled" data-level="7" id="security-considerations"><span class="secno">7. </span><span class="content">Security Considerations</span><a class="self-link" href="#security-considerations"></a></h2>
@@ -3405,7 +3391,6 @@ <h3 class="no-num heading settled" id="index-defined-here"><span class="content"
      <li><a href="#dom-securitypolicyviolationevent-referrer">attribute for SecurityPolicyViolationEvent</a><span>, in §5.1</span>
      <li><a href="#dom-securitypolicyviolationeventinit-referrer">dict-member for SecurityPolicyViolationEventInit</a><span>, in §5.1</span>
     </ul>
-   <li><a href="#reports">reports</a><span>, in §6.4.1</span>
    <li><a href="#report-to">report-to</a><span>, in §6.3.2</span>
    <li><a href="#report-uri">report-uri</a><span>, in §6.3.1</span>
    <li><a href="#violation-resource">resource</a><span>, in §2.3</span>
@@ -3786,8 +3771,6 @@ <h2 class="no-num heading settled" id="issues-index"><span class="content">Issue
    <div class="issue"> Do something interesting to the execution context in order to lock down
   interesting CSSOM algorithms. I don’t think CSSOM gives us any hooks here, so
   let’s work with them to put something reasonable together.<a href="#issue-eba1ebc1"> ↵ </a></div>
-   <div class="issue"> Finish stubbing out <a href="https://mikewest.github.io/error-reporting/">Not Just Error
-  Reporting</a> with Ilya so we can integrate that work here.<a href="#issue-30789e18"> ↵ </a></div>
   </div>
  </body>
 </html>
diff --git a/index.src.html b/index.src.html
@@ -369,6 +369,9 @@ <h3 id="changes-from-level-2">Changes from Level 2</h3>
 
   6.  The `manifest-src` directive has been added.
 
+  7.  The `report-uri` directive is deprecated in favor of the new `report-to`
+      directive, which relies on [[OOB-REPORTING]] as infrastructure.
+
   <h3 id="open-questions">Open Questions</h3>
 
   1.  Do we really want to remove `frame-src`? Though the threat model of
@@ -386,10 +389,6 @@ <h3 id="open-questions">Open Questions</h3>
           risk by using the original URL of a blocked resource; there shouldn't
           be anything in the report JSON that script can't gather on its own by
           walking the DOM.
-
-      2.  Sketching out a reporting framework at <a href="http://mikewest.github.io/error-reporting/">http://mikewest.github.io/error-reporting/</a>
-          that we should probably use to resolve some of the issues with
-          reporting in CSP2.
 </section>
 
 <!-- Big Text: Framework -->
@@ -2547,21 +2546,6 @@ <h3 id="directives-elsewhere">
   <a for="directive">post-request check</a>, <a for="directive">response
   check</a>, and <a for="directive">initialization</a> hooks in order to
   integrate themselves into Fetch and HTML.
-
-  <h4 id="directive-report">`reports`</h4>
-
-  The <dfn>reports</dfn> directive defines the endpoint to which violation
-  reports are sent. The syntax for the directive's name and
-  value is described by the following ABNF:
-
-  <pre>
-    directive-name  = "reports"
-    directive-value = &lt;URL&gt; ; TODO: Figure out what to use here.
-  </pre>
-
-  ISSUE: Finish stubbing out
-  <a href="https://mikewest.github.io/error-reporting/">Not Just Error
-  Reporting</a> with Ilya so we can integrate that work here.
 </section>
 
 <!-- Big text: Security -->