mirror of
https://github.com/servo/servo.git
synced 2025-07-19 13:23:46 +01:00
fcb2a4cd95
The specification moved around lately with how it defines its reports and report bodies. They became dictionaries, but are currently missing some fields [1]. Most tests won't be passing yet, since the `Reporting-Endpoints` header isn't used yet. In fact, the specification leaves it up to the browser to figure out when to run this task [2]. I am not sure if there some background scheduling we can do here. Confirmed with content-security-policy/reporting-api/ report-to-directive-allowed-in-meta.https.sub.html that the callback is invoked. The test doesn't pass, since the `describe_scripted_caller` is empty for HTML elements. Thus the `source_file` is empty, whereas it should be equivalent to the current document URL. Part of #37328 Signed-off-by: Tim van der Lippe <tvanderlippe@gmail.com> [1]: https://github.com/w3c/reporting/issues/286 [2]: https://w3c.github.io/reporting/#report-delivery
19 lines
693 B
Text
19 lines
693 B
Text
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
|
|
|
|
// https://w3c.github.io/webappsec-csp/#dictdef-cspviolationreportbody
|
|
|
|
dictionary CSPViolationReportBody : ReportBody {
|
|
required USVString documentURL;
|
|
USVString referrer;
|
|
USVString blockedURL;
|
|
required DOMString effectiveDirective;
|
|
required DOMString originalPolicy;
|
|
USVString sourceFile;
|
|
DOMString sample;
|
|
required SecurityPolicyViolationEventDisposition disposition;
|
|
required unsigned short statusCode;
|
|
unsigned long lineNumber;
|
|
unsigned long columnNumber;
|
|
};
|