You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Sorry, I missed this too. (You'll be seeing that a lot, I think, since TPAC is a nice forcing-function to make me realize that I've done a bad job staying on top of things here...)
The reporting changes were meant to make it less likely that we leak information that the page doesn't itself have access to. We can prevent explicitly leaking the origin of a redirect target, so why shouldn't we?
not sure what you mean: I was saying if <iframe src="allowdsite.com/foobar"> redirects to notallowed.com/bar, then I should at least know that the violation was caused by allowedsite.com/foobar?
Yeah, if <iframe src="allowdsite.com/foobar"> redirects to disallowed.com, then you should get a report that says child-src was violated by a request to allowedsite.com/foobar. I think that's what the spec says today.
No description provided.
The text was updated successfully, but these errors were encountered: