I'd like to propose adding a new field to the CSP reports: report-only. It's [arguably] valuable to know whether or not the policy was enforced when a given violation report is generated. Sometimes policies are enforced for a percentage or defined subset of users (or not at all), but there is no way to determine this from the report without "smuggling" params in the report-uri. As you can probably tell, I'm not entirely convinced this is even worth while (like my status code proposal).Received on Thursday, 26 June 2014 01:33:53 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:39 UTC