W3C home > Mailing lists > Public > public-webappsec@w3.org > November 2012

Re: Batching CSP violation reports.

From: Mike West <mkwst@google.com>
Date: Mon, 5 Nov 2012 19:06:00 +0100
Message-ID: <CAKXHy=dyA+2M9WdcuKhHkZ=bqzkz---epH_hR5WFa5JMHSrLeg@mail.gmail.com>
To: Ian Melven <imelven@mozilla.com>
Cc: Alex Russell <slightlyoff@google.com>, public-webappsec@w3.org
On Mon, Nov 5, 2012 at 6:03 PM, Ian Melven <imelven@mozilla.com> wrote:

> Would these be aggregated at the document-uri level ? ie all violations
> for a particular document would be batched ?


I don't think the spec should mandate a behavior. My suggestion is simply
that the 1.1 spec allow multiple reports to be sent in a single POST. I'd
expect user agents to be able to determine the most effective behavior
based on context. It might make sense to send one report for a protected
resource, or it might make sense to send one report every X seconds, or any
of a number of possible mechanisms.

-mike
Received on Monday, 5 November 2012 18:06:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 5 November 2012 18:06:49 GMT