ISSUE-12: Should 'self' be required to be replaced by explicit host in reports?

State:
CLOSED
Product:
CSP Level 1
Raised by:
Brad Hill
Opened on:
2012-01-17
Description:
Section 5.3 of CSP:

In the above sample report the violated-directive field was sent in the way it was interpreted by the user-agent. The directive was made explicit by replacing the keyword 'self' with the explicit host name of the protected resource. This is recommended behavior for user-agents as it reduces ambiguity, making policy violations easier to trace by server admins.

Issue:
Should we add this as a requirement when preparing reports?
Related Actions Items:
No related actions
Related emails:
No related emails

Related notes:

DocumentURI property in the report allows this to be determined.

Brad Hill, 11 Sep 2012, 21:16:45
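
For a report collector that receives `violated-directive` with the `'self'` keyword left in place, the expansion can be done server-side from the report's `document-uri`. The following is an added example, not code from the CSP specification or from this tracker; the function name `expandSelf` and the sample reports are constructed for illustration.

```javascript
// Expand the 'self' keyword in a CSP violation report's violated-directive
// using the origin (scheme, host, port) of the report's document-uri.
// Returns the directive unchanged when the origin cannot be determined,
// and null when the report has no violated-directive at all.
function expandSelf(report) {
  // Reports are posted as {"csp-report": {...}}; accept the inner object too.
  const body = report["csp-report"] || report;
  const directive = body["violated-directive"];
  if (typeof directive !== "string") return null;

  let origin;
  try {
    origin = new URL(body["document-uri"]).origin;
  } catch (e) {
    return directive; // missing or unparseable document-uri
  }
  if (origin === "null") return directive; // opaque origin, nothing to expand

  return directive
    .split(/\s+/)
    .filter(Boolean)
    .map((tok) => (tok.toLowerCase() === "'self'" ? origin : tok))
    .join(" ");
}

// Constructed sample reports (not taken from the specification).
const sampleReports = [
  { "csp-report": {
      "document-uri": "https://example.org/page.html",
      "blocked-uri": "https://evil.example.com/x.js",
      "violated-directive": "script-src 'self' https://cdn.example.net" } },
  { "csp-report": {
      "document-uri": "http://intranet.example:8080/app",
      "violated-directive": "img-src 'self'" } },
  { "csp-report": {
      "document-uri": "",
      "violated-directive": "default-src 'self'" } },
];

for (const r of sampleReports) {
  console.log(expandSelf(r));
}
```

Normalizing at the collector lets reports from user agents that expand `'self'` and those that do not be grouped under the same directive string.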



Daniel Veditz <dveditz@mozilla.com>, Mike West <mkwst@google.com>, Chairs, Wendy Seltzer <wseltzer@w3.org>, Samuel Weiler <weiler@w3.org>, Staff Contacts