Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Capability URL problem bigger than advertized #155

Closed
annevk opened this issue May 13, 2019 · 3 comments · Fixed by #230
Closed

Capability URL problem bigger than advertized #155

annevk opened this issue May 13, 2019 · 3 comments · Fixed by #230
Labels
report-delivery Covers the core delivery of reports via HTTP

Comments

@annevk
Copy link
Member

annevk commented May 13, 2019

Given that quite often capability URLs are origin + path I think https://w3c.github.io/reporting/#capability-urls needs improving. It's rather seldom that capabilities are stored in username/password/fragment. While good that they are stripped, selling that as solving the problem (apart from body) is not good.
@dcreager
Copy link
Member

You're right that stripping username/password from the URL isn't enough! The analogous section in the NEL spec (last paragraph of §9) instead says that if you're encoding permissions in URL paths, you should run your own collectors and not upload reports to third parties. Would you consider that language sufficient?

@annevk
Copy link
Member Author

annevk commented May 14, 2019

Yeah, that seems more reasonable. In particular whatever we say should work for GitHub's gists and Flickr (at least I remember that using these, not sure if that's still the case).

@dcreager dcreager added the report-delivery Covers the core delivery of reports via HTTP label Jun 26, 2019
@dcreager dcreager mentioned this issue Jun 26, 2019
Open
@clelland clelland mentioned this issue Oct 23, 2020
Open
clelland added a commit that referenced this issue Feb 17, 2021
@clelland
Expand on capability URL privacy hazards.
e3a229d 
Fixes #155
@clelland
Copy link
Contributor

I've taken another stab at the wording here, trying to include:

  • what this spec does -- strip explicit credentials and fragments from the report's URL;
  • what extensions should do -- strip similar information from any URLs defined in the body;
  • and what sites deploying reporting need to be aware of -- that sensitive information in URL paths is not stripped, and that if they use such URLs, they may need to also deploy their own collectors.

I've also referenced the TAGs findings directly.

@clelland clelland mentioned this issue Feb 18, 2021
Merged
clelland added a commit that referenced this issue Feb 24, 2021
@clelland
Merge pull request #230 from w3c/capability-urls
2bd9d5a 
Expand on capability URL privacy hazards.

Closes: #155
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
report-delivery Covers the core delivery of reports via HTTP
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Expand on capability URL privacy hazards. w3c/reporting
3 participants
@dcreager @clelland @annevk