New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reporting #142

Open
Jxck opened this Issue Mar 2, 2018 · 5 comments

Comments

Projects
None yet
5 participants
@Jxck
Copy link

Jxck commented Mar 2, 2018

Like CSP, I wanna know where was blocked by feature policy.
but Spec says nothing about reporting-to/-uri.
is there any plan to do support reporting ?
or is there any reason not doing that ?

@clelland

This comment has been minimized.

Copy link
Collaborator

clelland commented Mar 2, 2018

We are definitely planning to support reporting, through the Reporting API (And the Report-To header). There are definitely reasons why it hasn't happened yet, specifically there are issues around reporting the behaviour of documents in cross-origin frames, but I'm hoping to have a proposal up here fairly soon to address that.

Thanks for opening this, btw -- we should use it for discussion of all of the issues around reporting.

@clelland clelland self-assigned this Jun 11, 2018

@nico3333fr

This comment has been minimized.

Copy link

nico3333fr commented Jul 22, 2018

Yes, reporting could be useful to understand potential side-effects and deploy Feature Policy easily on websites.

@flano-yuki

This comment has been minimized.

Copy link

flano-yuki commented Jul 23, 2018

Currently it is written as follows

Report-To: {"url":"https://reportingapi.tools/public/submit","max-age":86400}

https://github.com/WICG/feature-policy/blob/824de86f89599240c24b5ae3cd58d25984446af5/reporting.md

As an example in reporting api spec, I think it should be associated by group.

for example

Report-To: { "group": "featuer-policy-report",
             "max_age": 10886400,
             "endpoints": [
               { "url": "https://example.com/reports", "priority": 1 }
             ] }

Feature-Policy: syncxhr-report-only 'none'; report-to=featuer-policy-report
@clelland

This comment has been minimized.

Copy link
Collaborator

clelland commented Jul 23, 2018

Yes, @flano-yuki, that's true -- it looks like the header syntax was changed back in w3c/reporting#67. I'll update that example, and ensure the changes make it into the spec eventually as well. Thanks!

@ebidel

This comment has been minimized.

Copy link
Contributor

ebidel commented Aug 14, 2018

+1 for being able to specify an endpoint group using report-to directive.

I think it's ok if browser-generated interventions and deprecations are reported to the default group since you don't have control over those. But Feature Policy is a bit different since it's opt-in by the developer.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment