Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add a violation report example #189

Open
fmarier opened this issue Feb 28, 2015 · 9 comments

Comments

@fmarier
Copy link
Contributor

commented Feb 28, 2015

The CSP spec includes an example violation report and since we intend to use the same mechanism in SRI, we should describe what that report looks like (e.g. what fields it is expected to contain).

@fmarier fmarier added the SRI label Feb 28, 2015

@devd

This comment has been minimized.

Copy link
Contributor

commented Feb 28, 2015

What did you implement in Firefox?

@fmarier

This comment has been minimized.

Copy link
Contributor Author

commented Feb 28, 2015

I don't have reporting in Firefox yet and I'm planning to land the initial implementation without it.

@devd

This comment has been minimized.

Copy link
Contributor

commented Mar 1, 2015

aah ok @metromoxie have you implemented reports yet? Might be easier to start with existing implementations.

@devd devd added this to the SRI-v1-LC milestone Mar 3, 2015

@metromoxie

This comment has been minimized.

Copy link
Contributor

commented Mar 5, 2015

No, we do not have reporting yet; just console logging. I have a few other issues (e.g. requiring CORS for SRI) to fix before I can get to reporting.

@devd

This comment has been minimized.

Copy link
Contributor

commented Mar 5, 2015

tbh, based on my experience, a JS event might be good enough. We could just ask for "sri" field on the onerror event or something like that.

@fmarier

This comment has been minimized.

Copy link
Contributor Author

commented Mar 5, 2015

Based on some feedback we have received on CSP, it might be good to specify the report format instead of just providing an example. The small differences in how Chrome and Firefox produce the reports are making life a little harder for people who have to parse/filter these reports.

@devd

This comment has been minimized.

Copy link
Contributor

commented Mar 6, 2015

aah .. what I am suggesting though is that it is not even clear how critical "reporting" is as opposed to just throwing an error event.

@metromoxie

This comment has been minimized.

Copy link
Contributor

commented Mar 11, 2015

I'm good either way. We could just go with an error event and then punt reporting until v2, as well.

@fmarier

This comment has been minimized.

Copy link
Contributor Author

commented Mar 11, 2015

If it's not going to prevent people from adopting SRI, then I'm ok for moving reporting to v2.

@fmarier fmarier removed this from the SRI-v1-LC milestone Apr 18, 2015

@fmarier fmarier added this to the SRI-next milestone Apr 30, 2015

mikewest pushed a commit to mikewest/webappsec that referenced this issue Jun 29, 2015
Merge pull request w3c#189 from mikewest/biblio
Support 'etAl' in biblio entries.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.