RESOLVED FIXED 60402
Implement "Report-Only" mode for CSP
https://bugs.webkit.org/show_bug.cgi?id=60402
Adam Barth
Reported 2011-05-06 14:23:08 PDT
Implement "Report-Only" mode for CSP
Attachments
Patch (9.11 KB, patch)
2011-05-06 14:24 PDT, Adam Barth
no flags
Patch (9.40 KB, patch)
2011-05-06 17:24 PDT, Adam Barth
no flags
Adam Barth
Comment 1 2011-05-06 14:24:41 PDT
Eric Seidel (no email)
Comment 2 2011-05-06 16:52:50 PDT
Comment on attachment 92639 Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92639&action=review

> Source/WebCore/page/ContentSecurityPolicy.cpp:553
> + return m_reportOnly;

This is a bit confusing since in the "pass" case, return m_reportOnly would return the inverse of what you wanted. Maybe this should be some helper function? I'm not sure the name. falseIfEnforcingPolicy()? !enforcingPolicy()? false || m_reportOnly? I'm not sure. This may be fine as is, just smells a little funny.
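Review bot: the return at Source/WebCore/page/ContentSecurityPolicy.cpp:553 hands back the m_reportOnly flag itself as the result of the check, so the line does not say that a true value means the load is allowed. A one-line comment there, or a named helper wrapping the flag, stating that a report-only policy allows the load would document the intent at the point where the allow/deny decision is made.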
Adam Barth
Comment 3 2011-05-06 17:08:32 PDT
The "pass" case is handled two lines above. This return statement is only encountered after we've fired off the violation report.
Adam Barth
Comment 4 2011-05-06 17:09:21 PDT
I can see wrapping it in a function though. return denyIfEnforcingPolicy(); ???
Adam Barth
Comment 5 2011-05-06 17:24:13 PDT
Eric Seidel (no email)
Comment 6 2011-05-06 17:46:06 PDT
Comment on attachment 92662 Patch

LGTM.
Eric Seidel (no email)
Comment 7 2011-05-06 17:46:47 PDT
Of course now it feels like we should have an Allow/Deny enum (mapping to 1, 0 of course). :)
WebKit Commit Bot
Comment 8 2011-05-06 19:13:24 PDT
Comment on attachment 92662 Patch

Clearing flags on attachment: 92662

Committed r85993: <http://trac.webkit.org/changeset/85993>
WebKit Commit Bot
Comment 9 2011-05-06 19:13:28 PDT
All reviewed patches have been landed. Closing bug.