
Re: CSP Versions in Violation Reports

From: Devdatta Akhawe <dev.akhawe@gmail.com>
Date: Sun, 18 Jan 2015 23:47:59 -0800
Message-ID: <CAPfop_1c-_SzfTbQiKVG4bk0kdHs_47c8hR=SNQrPZ1P7VZtAw@mail.gmail.com>
To: Boris Chen <boris@tcell.io>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

Hey Boris

Can you tell me more on how version info would help make synthesizing
reports on violations more accurate? Also, why can't you achieve this
based on the violated directive in the report? For example, if a UA
supports a new foo-bar directive, you will have violation reports with
foo-bar in the violated directive; otherwise you won't.

cheers
Dev

On 18 January 2015 at 21:44, Boris Chen <boris@tcell.io> wrote:
> Hello,
>
> I've been playing around with CSP reporting, and I was wondering if there
> has been any discussion of including CSP version in the reports.
>
> User-agents will obviously be supporting different versions of CSP for a
> given web application, and therefore, the reports will vary depending on the
> user-agents. The version info would help make reporting on the violation
> reports more accurate. This won't help for current versions supported, but
> would be helpful for the future.
>
> Any thoughts?
>
> Regards,
> Boris Chen
>
Received on Monday, 19 January 2015 07:48:47 UTC
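
The approach suggested in the reply above, inferring what a user agent supports from the directive named in each violation report, sketched as an added example that is not part of the original thread. The UA labels, the `app.example` URL and the function names are constructed; the directive table lists the directives defined in CSP 1.0 and those added in CSP Level 2.

```python
import json
from collections import defaultdict

# Directive names grouped by the CSP level that introduced them.
LEVEL = {d: 1 for d in ("default-src script-src object-src style-src img-src "
                        "media-src frame-src font-src connect-src sandbox").split()}
LEVEL.update({d: 2 for d in
              "base-uri child-src form-action frame-ancestors plugin-types".split()})

def directive_name(raw_json):
    """Return the violated directive's name, or None for a malformed report."""
    try:
        body = json.loads(raw_json)["csp-report"]
        # effective-directive (added in Level 2) is a bare name; violated-directive
        # may carry the whole directive text, e.g. "script-src 'self'".
        raw = body.get("effective-directive") or body["violated-directive"]
        return raw.split()[0].lower()
    except (ValueError, KeyError, TypeError, AttributeError, IndexError):
        return None

def summarize(samples):
    """samples: (user_agent, raw_report_body) pairs -> per-UA evidence."""
    seen = defaultdict(lambda: {"level": 0, "known": set(), "unrecognised": set()})
    for ua, raw in samples:
        name = directive_name(raw)
        if name is None:
            continue  # malformed body: ignore it rather than guess
        entry = seen[ua]
        if name in LEVEL:
            entry["known"].add(name)
            entry["level"] = max(entry["level"], LEVEL[name])
        else:
            entry["unrecognised"].add(name)  # a directive newer than this table
    return dict(seen)

def make_body(directive, **extra):  # builds a constructed sample report body
    return json.dumps({"csp-report": dict({"document-uri": "https://app.example/",
                                           "violated-directive": directive}, **extra)})

SAMPLES = [  # constructed; UA labels stand in for the POST's User-Agent header
    ("ua-a", make_body("script-src 'self'")),
    ("ua-b", make_body("form-action 'self'", **{"effective-directive": "form-action"})),
    ("ua-b", make_body("foo-bar 'none'")),  # the hypothetical directive from the reply
    ("ua-c", "{not json"),
]

if __name__ == "__main__":
    for ua, info in summarize(SAMPLES).items():
        print(ua, info)
```

A `level` of 1 only means no Level 2 violation has been observed from that user agent so far, which is not the same as the user agent lacking Level 2 support.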
