Augment COEP violation report
 - "blocked-url" is renamed to "blockedURL" (whatwg/html#5818).
 - Added "disposition" (whatwg/html#5391).
 - Added "destination" (whatwg/html#5391).

The CORP check now takes "destination" as a parameter.
yutakahirano committed Aug 20, 2020
1 parent 28e6e68 commit cc7b5af
Showing 1 changed file with 21 additions and 9 deletions.
30 changes: 21 additions & 9 deletions fetch.bs
Expand Up @@ -3232,9 +3232,9 @@ Cross-Origin-Resource-Policy = %s"same-origin" / %s"same-site" / %s"cross-or
</code></pre>

<p>To perform a <dfn export>cross-origin resource policy check</dfn>, given an <a for=url>origin</a>
<var>origin</var>, an <a for=/>environment settings object</a> <var>settingsObject</var>, a
<a for=/>response</a> <var>response</var>, and an optional boolean <var>forNavigation</var>, run
these steps:
<var>origin</var>, an <a for=/>environment settings object</a> <var>settingsObject</var>, a string
<var>destination</var>, a <a for=/>response</a> <var>response</var>, and an optional boolean
<var>forNavigation</var>, run these steps:

<ol>
<li><p>Set <var>forNavigation</var> to false if it is not given.
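
Review bot: the new destination parameter is inserted in the middle of the parameter list of the cross-origin resource policy check (between settingsObject and response), which changes what every existing caller must pass, yet none of the hunks in this commit touches a call site of this algorithm. Please confirm that each invocation, in this file and in any spec that calls this exported definition, is updated together with this change so that no caller still passes only origin, settingsObject and response.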
Expand All @@ -3254,14 +3254,14 @@ these steps:
<var>embedderPolicy</var>'s <a for="embedder policy">report only value</a>, <var>response</var>,
and <var>forNavigation</var> returns <b>blocked</b>, then
<a>queue a cross-origin embedder policy CORP violation report</a> with <var>response</var>,
<var>settingsObject</var>, and true.
<var>settingsObject</var>, <var>destination</var>, and true.

<li><p>If the <a>cross-origin resource policy internal check</a> with <var>origin</var>,
<var>embedderPolicy</var>'s <a for="embedder policy">value</a>, <var>response</var>, and
<var>forNavigation</var> returns <b>allowed</b>, then return <b>allowed</b>.

<li><p><a>Queue a cross-origin embedder policy CORP violation report</a> with <var>response</var>,
<var>settingsObject</var>, and false.
<var>settingsObject</var>, <var>destination</var>, and false.

<li><p>Return <b>blocked</b>.
</ol>
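
Review bot: a note is missing in these steps saying that destination is used for reporting only. It is forwarded to the two "queue a cross-origin embedder policy CORP violation report" calls, while both invocations of the cross-origin resource policy internal check still take just origin, the policy value, response and forNavigation. The commit message line 'The CORP check now takes "destination" as a parameter' could be read as destination influencing the allowed/blocked result, so stating explicitly that it does not would prevent that reading.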
Expand Down Expand Up @@ -3341,7 +3341,8 @@ these steps:

<p>To <dfn>queue a cross-origin embedder policy CORP violation report</dfn>, given a
<a for=/>response</a> <var>response</var>, an <a for=/>environment settings object</a>
<var>settingsObject</var>, and a boolean <var>reportOnly</var>, run these steps:
<var>settingsObject</var>, a string <var>destination</var>, and a boolean <var>reportOnly</var>,
run these steps:

<ol>
<li><p>Let <var>endpoint</var> be <var>settingsObject</var>'s
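
Review bot: destination is declared here only as "a string", with no link to a definition and no statement of which values are valid. Because the value is copied unchanged into the report body, consider linking it to the definition the callers take it from, or listing the allowed values, so that report consumers know what to expect in the "destination" field.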
Expand All @@ -3350,10 +3351,13 @@ these steps:
<var>settingsObject</var>'s <a for="environment settings object">embedder policy</a>'s
<a for="embedder policy">reporting endpoint</a> otherwise.

<li><p>Let <var>serialized url</var> be the result of
<li><p>Let <var>serializedURL</var> be the result of
<a lt="serialize a response URL for reporting">serializing a response URL for reporting</a> with
<var>response</var>.

<li><p>Let <var>disposition</var> be "<code>reporting</code>" if <var>reportOnly</var> is true,
and "<code>enforce</code>" otherwise.

<li>
<p>Let <var>body</var> be a new object containing the following properties:
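
Review bot: the two literals in the new disposition step are not parallel ("reporting" when reportOnly is true, "enforce" otherwise), and report consumers will match on these exact strings to tell enforced blocks from report-only ones. Please confirm that "reporting" is the exact spelling agreed in whatwg/html#5391, since a mismatch between the two specs would make report-only and enforced violations hard to separate on the collector side.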

Expand All @@ -3368,8 +3372,16 @@ these steps:
<td>"<code>corp</code>"
</tr>
<tr>
<td>"<code>blocked-url</code>"
<td><var>serialized url</var>
<td>"<code>blockedURL</code>"
<td><var>serializedURL</var>
</tr>
<tr>
<td>"<code>destination</code>"
<td><var>destination</var>
</tr>
<tr>
<td>"<code>disposition</code>"
<td><var>disposition</var>
</tr>
</tbody>
</table>
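
Review bot: the rename of the body key from "blocked-url" to "blockedURL" in this table changes the report format without any note for consumers, so a reporting endpoint that parses "blocked-url" will stop finding the blocked URL in CORP violation reports. Consider adding a short note next to the table that the key was renamed, so that collector implementers know to accept the new name.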