feature request: content_security_policy_report_only in manifest.json #197

Open
Jack-Works opened this issue Apr 13, 2022 · 5 comments
Labels: topic: csp (Related to content security policy enforcement)

Comments

@Jack-Works

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only

@Jack-Works
Author

Without this feature, I cannot specify a Report Only CSP because it does not accept CSP Report Only via a meta tag.

@carlosjeurissen
Contributor

This depends on the not yet further explored discussion about CSP reporting initiated by #97 during #166. Seems it could be a good opportunity to talk about this.

@Jack-Works
Author

I hope we can add it consistently as the status quo API ASAP. There is no way to opt in to the CSP in our extension in a gradual way 😂

@Rob--W added the "topic: csp" label (Related to content security policy enforcement) on Apr 27, 2022

@carlosjeurissen
Contributor

As for syntax, I'm proposing to use an object structure like:

"content_security_policy_report_only": {
  "extension_pages": "...",
  "sandbox": "..."
}

This aligns it with the content_security_policy syntax proposed by Google and Mozilla, which makes sure it is flexible and familiar.
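
An added example, not part of the thread and not any browser's implementation: a Node.js pre-flight check that reads a manifest using the object structure proposed above and lists, per context, the directives the report-only candidate adds and the sources it drops relative to the enforced policy. The manifest contents and the helper names parsePolicy and planRollout are assumptions made for illustration.

```javascript
// Added example. "content_security_policy_report_only" is only the key proposed
// in this issue; the manifest below is constructed for illustration.
const manifest = {
  manifest_version: 3,
  content_security_policy: {
    extension_pages: "script-src 'self' 'wasm-unsafe-eval'; object-src 'self'",
  },
  content_security_policy_report_only: {
    extension_pages: "script-src 'self'; object-src 'none'; img-src 'self' data:",
    sandbox: "sandbox allow-scripts; script-src 'self'",
  },
};

// Parse a serialized policy into Map<directive, Set<source>>. Directive names
// are case-insensitive and a repeated directive is ignored, as in the CSP spec.
function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(";")) {
    const [name, ...values] = part.trim().split(/\s+/).filter(Boolean);
    if (!name) continue;
    const key = name.toLowerCase();
    if (!policy.has(key)) policy.set(key, new Set(values));
  }
  return policy;
}

// Per context, list directives the candidate adds and sources it drops versus
// the enforced policy. Browser defaults for an omitted key are not modelled.
function planRollout(m) {
  const contexts = ["extension_pages", "sandbox"];
  const enforced = m.content_security_policy ?? {};
  const candidate = m.content_security_policy_report_only ?? {};
  const plan = {};
  for (const [ctx, text] of Object.entries(candidate)) {
    if (!contexts.includes(ctx) || typeof text !== "string") {
      throw new TypeError(`unexpected report-only entry: ${ctx}`);
    }
    const before = parsePolicy(enforced[ctx] ?? "");
    plan[ctx] = { added: [], dropped: {} };
    for (const [dir, sources] of parsePolicy(text)) {
      if (!before.has(dir)) { plan[ctx].added.push(dir); continue; }
      const gone = [...before.get(dir)].filter((s) => !sources.has(s));
      if (gone.length) plan[ctx].dropped[dir] = gone;
    }
  }
  return plan;
}

console.log(JSON.stringify(planRollout(manifest), null, 2));
```

Each entry under added or dropped marks a spot where the candidate is stricter than what is enforced today, so those are the directives to watch for violation reports before promoting the candidate.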
