CSP violations introduced by Addons / Extensions from Eduardo' Vela on 2012-10-25 (public-web-security@w3.org from October 2012)

From: Eduardo' Vela <evn@google.com>
Date: Wed, 24 Oct 2012 23:22:00 -0700
To: "public-web-security@w3.org" <public-web-security@w3.org>
Message-ID: <CAFswPa-foLYABt4xBhoqQdrARVa3M7Tx4dnQWfGW7NfTbKbvgw@mail.gmail.com>

We've noticed that Extensions and Addons are responsible for CSP reports,
and it's hard for us to debug that.

It would be nice if there was a flag in the report that specifies if the
violation was initiated by an extension or an addon.

I understand there are challenges on doing this (eg, an extension can
inject a script which later generates a report).

Being able to differentiate this problems would assist us to more quickly
and efficiently reproduce and triage bugs.

This goes hand in hand with the other request (generating a DOM event/error
on CSP violations).

Received on Thursday, 25 October 2012 06:22:47 UTC