- From: Eduardo' Vela <evn@google.com>
- Date: Thu, 25 Oct 2012 07:49:16 -0700
- To: Mike West <mkwst@google.com>
- Cc: public-webappsec@w3.org, Adam Barth <w3c@adambarth.com>
- Message-ID: <CAFswPa_Y+Eig=YDkLOpVBNBrE187q33Cv4iWFr5ixW3ZB8fUFA@mail.gmail.com>
The console warnings are nice, but when we receive tens of millions of reports, its hard to find duplicates and its hard to reproduce. On Oct 24, 2012 11:58 PM, "Mike West" <mkwst@google.com> wrote: > Triggering an error is something we should probably be doing anyway. There > are a number of bugs in WebKit on exactly this point. I know we're > currently triggering an error event for images, but there are a number of > other elements where that's not happening. > > Beyond the error event, are you asking for a new event type for resources > blocked by CSP? Do the console warnings not give you enough detail? > > -- > Mike West <mkwst@google.com>, Developer Advocate > Google Germany GmbH, Dienerstrasse 12, 80331 München, Germany > Google+: https://mkw.st/+, Twitter: @mikewest, Cell: +49 162 10 255 91 > > > On Thu, Oct 25, 2012 at 8:31 AM, Adam Barth <w3c@adambarth.com> wrote: > >> On Wed, Oct 24, 2012 at 11:18 PM, Eduardo' Vela <evn@google.com> wrote: >> > I believe this has been discussed before. >> > >> > We have found a lot of challenges triaging reports to the point we are >> > considering disabling CSP since it's useless as we can't effectively >> debug >> > it, this is very important for large scale applications. >> > >> > Could it be possible to trigger a CSP DOM event or simply trigger an >> error >> > (which will raise an onerror event). >> >> This sounds like something we should experiment with in CSP 1.1. We >> can try a prototype implementation in WebKit to see how feasible it >> is. >> >> Adam >> >> >
Received on Thursday, 25 October 2012 14:49:43 UTC