W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

Re: [SRI] Towards v1 - do we need error reporting?

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Wed, 10 Dec 2014 20:39:55 -0800
Message-ID: <CAPfop_12oDs8j5VqXZkCqRqBHX8uFP_L8e2_YASTEMoStqd2ww@mail.gmail.com>
To: Brian Smith <brian@briansmith.org>
Cc: Brad Hill <hillbrad@gmail.com>, Ben Toews <btoews@github.com>, Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
I think that could be argued for any erro reporting mechanism. People
like Neil can jump in here, but I can attest that being able to do the
error reporting in a very non obtrusive manner (via the header only
and a simple listener) was very useful for CSP deployment. Based on
that experience, I would argue that this would be useful here too.

On 10 December 2014 at 16:20, Brian Smith <brian@briansmith.org> wrote:
> On Wed, Dec 10, 2014 at 12:57 PM, Brad Hill <hillbrad@gmail.com> wrote:
>> +1 on error reporting.  Especially as this is an experiment, I think it will
>> be important to allow individual content providers to gather and report on
>> their experiences with the spec, not just rely on browser vendor telemetry.
>
> I think it is useful to be notified of errors. But, it isn't clear to
> me why a SRI-specific error reporting mechanism is a good idea. I
> would be just as interested in knowing if my CDN was returning 404s,
> or if DNS failed to resolve for a CDN host, or other things. If at all
> reasonable, I think it would be better to create an error
> handling/reporting mechanism that is more general, so that every spec
> doesn't need to create its own reporting mechanism from scratch or by
> (effectively) copy/pasting the CSP one.
>
> In particular, perhaps all we need is a way of doing something like this:
>
>     <link rel=network-failure-handler
> href="//not-the-cdn.example.com/handle-network-errors.js">
>
> Which would indicate a script that is loaded and executed when a
> network failure occurs, where the script can register an event handler
> that will process events for every failed load (including, in
> particular, the load that causes it to be loaded).
>
> Cheers,
> Brian
Received on Thursday, 11 December 2014 04:40:42 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC