This repository has been archived by the owner on Oct 16, 2020. It is now read-only.
Modify CORP for COEP reporting #9
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
ping |
1 similar comment
|
ping |
|
I started implementation, and https://chromium-review.googlesource.com/c/chromium/src/+/2076223 has web platform tests. |
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Feb 27, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 2, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 3, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70
mikewest
reviewed
Mar 3, 2020
index.bs
Outdated
|
|
||
| 1. Let |blocked url| be the first URL of |request|'s [=request/URL list=]. | ||
|
|
||
| 2. Set |blocked url|'s [=url/username=] to the empty string, and its [=url/password=] to `null`. |
There was a problem hiding this comment.
Nit: I wonder if we should add some mechanism to the URL serializer to exclude credentials, as we do this kind of thing in a few places. Not for this PR, obviously...
index.bs
Outdated
|
|
||
| 4. Let |body| be a new object containing the following properties with keys: | ||
|
|
||
| * key: "`blocked`", value: |serialized blocked url|. |
There was a problem hiding this comment.
Is this enough context? It's not clear to me what @arturjanc and co. actually need (nor do I recall off the top of my head what the Reporting API provides on its own... Is https://w3c.github.io/reporting/#try-delivery up to date?).
There was a problem hiding this comment.
It looks like the default url value provided by the Reporting API and the blocked URL here would be sufficient for developers to debug CORP violations.
BTW, I'm not sure if it's intentional but CSP uses blocked-uri as the key for resources that didn't load (as opposed to blocked here), so maybe there's some value in making this consistent?
There was a problem hiding this comment.
Another value that could potentially be useful is Request.destination (so the developer would know what kind of resource didn't load, e.g. they could prioritize fixing scripts) but this is a more of a nice-to-have than a necessity for debugging.
There was a problem hiding this comment.
Nit: blocked-uri is deprecated. blocked-url (with an L, not an I) is preferred. :)
(I suspect @domenic would prefer that we follow the suggestions in https://w3ctag.github.io/design-principles/#casing-rules, using _ instead of -. Unfortunately, CSP is old and crusty and predates those good ideas.)
mikewest
reviewed
Mar 3, 2020
There was a problem hiding this comment.
LGTM % the notes here. I think we can land this without waiting for @arturjanc, as we can always add bits and pieces later, and getting the infrastructure in place is more pressing.
yutakahirano
force-pushed
the
yhirano/report-to-corp
branch
from
bf3484e to
873301b
Compare
Queue a report when CORP see potential failures due to COEP. Discussed at whatwg/html#5100.
yutakahirano
force-pushed
the
yhirano/report-to-corp
branch
from
56dfab6 to
9f178a7
Compare
mikewest
approved these changes
Mar 4, 2020
There was a problem hiding this comment.
LGTM. Thanks!
I'd suggest that you just merge this, and discuss additional changes to the value of the report with @arturjanc, et al. in a separate PR that also introduces the COEPReportBody interface.
index.bs
Outdated
|
|
||
| 4. Let |body| be a new object containing the following properties with keys: | ||
|
|
||
| * key: "`blocked`", value: |serialized blocked url|. |
There was a problem hiding this comment.
Nit: blocked-uri is deprecated. blocked-url (with an L, not an I) is preferred. :)
(I suspect @domenic would prefer that we follow the suggestions in https://w3ctag.github.io/design-principles/#casing-rules, using _ instead of -. Unfortunately, CSP is old and crusty and predates those good ideas.)
Co-Authored-By: Mike West <mike@mikewest.org>
|
Done. Replaced " |
|
Oh sorry I overlooked your last comment. Removed the destinaion from the report.
I think I don't have a commit access. |
Ah. Let's fix that. Invite's waiting in your inbox! |
|
Thank you! Merged. |
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 4, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 4, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 4, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 5, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 5, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 5, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2076223 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#747176}
blueboxd
pushed a commit
to blueboxd/chromium-legacy
that referenced
this pull request
Mar 5, 2020
1: [this] 2: https://crrev.com/c/2075002 3: https://crrev.com/c/2076223 This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL introduces network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter. Bug: 1052764 Change-Id: I7ccce3e39c760393bf2d1b73786cf2a7ae838fde Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2074177 Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#747170}
blueboxd
pushed a commit
to blueboxd/chromium-legacy
that referenced
this pull request
Mar 5, 2020
1: https://crrev.com/c/2074177 2: [this] 3: https://crrev.com/c/2076223 This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL implements the reporting logic in the CORP check. Bug: 1052764 Change-Id: Ia3c4d3aec886c76be6dd32083809e9e447ce2a4f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2075002 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#747172}
blueboxd
pushed a commit
to blueboxd/chromium-legacy
that referenced
this pull request
Mar 5, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2076223 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#747176}
chromium-wpt-export-bot
pushed a commit
to web-platform-tests/wpt
that referenced
this pull request
Mar 5, 2020
1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2076223 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#747176}
xeonchen
pushed a commit
to xeonchen/gecko
that referenced
this pull request
Mar 7, 2020
… a=testonly Automatic update from web-platform-tests Introduce COEP reporting for CORP (3/3) 1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2076223 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#747176} -- wpt-commits: 0d183bf3945eda537d23f8d37afbde1dad982544 wpt-pr: 22005
moz-v2v-gh
pushed a commit
to mozilla/gecko-dev
that referenced
this pull request
Mar 7, 2020
… a=testonly Automatic update from web-platform-tests Introduce COEP reporting for CORP (3/3) 1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2076223 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#747176} -- wpt-commits: 0d183bf3945eda537d23f8d37afbde1dad982544 wpt-pr: 22005
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-comments-removed
that referenced
this pull request
Mar 9, 2020
… a=testonly Automatic update from web-platform-tests Introduce COEP reporting for CORP (3/3) 1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2076223 Commit-Queue: Yutaka Hirano <yhiranochromium.org> Reviewed-by: Kinuko Yasuda <kinukochromium.org> Cr-Commit-Position: refs/heads/master{#747176} -- wpt-commits: 0d183bf3945eda537d23f8d37afbde1dad982544 wpt-pr: 22005 UltraBlame original commit: 928df8a4bbe0707f3da7ee6ebb8516f2eab4b142
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified
that referenced
this pull request
Mar 9, 2020
… a=testonly Automatic update from web-platform-tests Introduce COEP reporting for CORP (3/3) 1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2076223 Commit-Queue: Yutaka Hirano <yhiranochromium.org> Reviewed-by: Kinuko Yasuda <kinukochromium.org> Cr-Commit-Position: refs/heads/master{#747176} -- wpt-commits: 0d183bf3945eda537d23f8d37afbde1dad982544 wpt-pr: 22005 UltraBlame original commit: 928df8a4bbe0707f3da7ee6ebb8516f2eab4b142
gecko-dev-updater
pushed a commit
to marco-c/gecko-dev-wordified-and-comments-removed
that referenced
this pull request
Mar 10, 2020
… a=testonly Automatic update from web-platform-tests Introduce COEP reporting for CORP (3/3) 1: https://crrev.com/c/2074177 2: https://crrev.com/c/2075002 3: [this] This series of CLs implements WICG/cross-origin-embedder-policy#9. We introduce network::mojom::CrossOriginEmbedderPolicyReporter and its implementation content::CrossOriginEmbedderPolicyReporter, implement the reporting logic in content::CrossOriginEmbedderPolicyReporter and the CORP check, and plumb the mojo interface. This CL creates CrossOriginEmbedderPolicyReport during the frame navigation and dedicated worker initialization, and give it to the network service so that (possibly potential) CORP blocks are reported. Bug: 1052764 Change-Id: Ia39ff8277eb23d96025f5e6fba4e5a4fa6ffde70 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2076223 Commit-Queue: Yutaka Hirano <yhiranochromium.org> Reviewed-by: Kinuko Yasuda <kinukochromium.org> Cr-Commit-Position: refs/heads/master{#747176} -- wpt-commits: 0d183bf3945eda537d23f8d37afbde1dad982544 wpt-pr: 22005 UltraBlame original commit: 928df8a4bbe0707f3da7ee6ebb8516f2eab4b142
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Queue a report when CORP see potential failures due to COEP.
Discussed at whatwg/html#5100.