ISSUE-12: Should 'self' be required to be replaced by explicit host in reports?
- State: CLOSED
- Product: CSP Level 1
- Raised by: Brad Hill
- Opened on: 2012-01-17
- Description:
Section 5.3 of CSP:
In the above sample report the violated-directive field was sent in the way it was interpreted by the user-agent. The directive was made explicit by replacing the keyword 'self' with the explicit host name of the protected resource. This is recommended behavior for user-agents as it reduces ambiguity, making policy violations easier to trace by server admins.
Issue:
Should we add this as a requirement when preparing reports?
- Related Actions Items: No related actions
- Related emails: No related emails
Related notes:
DocumentURI property in the report allows this to be determined.
Brad Hill, 11 Sep 2012, 21:16:45
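
The point in the note above, as an added example that is not part of the original issue or of the CSP specification: a report receiver can make 'self' explicit on its own by resolving it against the report's document-uri field. The function names and the sample report are constructed for illustration; only violated-directive is rewritten.

```python
import json
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample report using the CSP 1.0 report field names.
SAMPLE_REPORT = json.dumps({"csp-report": {
    "document-uri": "http://example.org/page.html",
    "blocked-uri": "http://evil.example.com/image.png",
    "violated-directive": "default-src 'self'",
    "original-policy": "default-src 'self'; report-uri /csp-report",
}})

def origin_of(document_uri):
    """Return scheme://host[:port] for an http(s) URI, else None."""
    if not isinstance(document_uri, str):
        return None  # reports are untrusted input; the field may be absent or mistyped
    try:
        parts = urlsplit(document_uri)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    if port in (None, DEFAULT_PORTS[parts.scheme]):
        return f"{parts.scheme}://{host}"  # default port is left implicit
    return f"{parts.scheme}://{host}:{port}"

def expand_self(directive, document_uri):
    """Replace the 'self' keyword in one directive with the document's origin."""
    origin = origin_of(document_uri)
    tokens = directive.split() if isinstance(directive, str) else []
    if origin is None or not tokens:
        return directive  # nothing to resolve against; keep the field as sent
    name, sources = tokens[0], tokens[1:]
    return " ".join([name] + [origin if s.lower() == "'self'" else s for s in sources])

def normalize_report(body):
    """Parse a report body and return its fields with 'self' made explicit."""
    report = dict(json.loads(body)["csp-report"])
    report["violated-directive"] = expand_self(
        report.get("violated-directive"), report.get("document-uri"))
    return report

if __name__ == "__main__":
    print(normalize_report(SAMPLE_REPORT)["violated-directive"])
```

Reports whose document-uri has no http(s) origin, or is missing, keep the directive exactly as the user agent sent it.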