Skip to content

Commit

Permalink
Augment COEP violation report
Browse files Browse the repository at this point in the history
 - "blocked-url" is renamed to "blockedURL" (whatwg#5818).
 - Added "disposition" (whatwg#5391).
 - Added "destination" (whatwg#5391).

The CORP check now takes "destination" as a parameter.

Fixes whatwg#5391 and whatwg#5818.
  • Loading branch information
yutakahirano committed Aug 20, 2020
1 parent bd32618 commit 6d9f99c
Showing 1 changed file with 17 additions and 10 deletions.
27 changes: 17 additions & 10 deletions source
Original file line number Diff line number Diff line change
Expand Up @@ -80643,7 +80643,7 @@ interface <dfn>BarProp</dfn> {
data-x="coep-unsafe-none">unsafe-none</code>", then <span>queue a cross-origin embedder policy
inheritance violation</span> with <var>response</var>, "<code data-x="">navigation</code>",
<var>parentPolicy</var>'s <span data-x="embedder-policy-report-only-reporting-endpoint">report
only reporting endpoint</span>, and <var>target</var>'s <span
only reporting endpoint</span>, "<code data-x="">reporting</code>", and <var>target</var>'s <span
data-x="bc-container-document">container document</span>'s <span>relevant settings
object</span>.</p></li>

Expand All @@ -80654,7 +80654,8 @@ interface <dfn>BarProp</dfn> {

<li><p><span>Queue a cross-origin embedder policy inheritance violation</span> with
<var>response</var>, "<code data-x="">navigation</code>", <var>parentPolicy</var>'s <span
data-x="embedder-policy-reporting-endpoint">reporting endpoint</span>, and <var>target</var>'s
data-x="embedder-policy-reporting-endpoint">reporting endpoint</span>,
"<code data-x="">enforce</code>", and <var>target</var>'s
<span data-x="bc-container-document">container document</span>'s <span>relevant settings
object</span>.</p></li>

Expand Down Expand Up @@ -80682,7 +80683,7 @@ interface <dfn>BarProp</dfn> {
inheritance violation</span> with <var>response</var>, "<code data-x="">worker
initialization</code>", <var>owner's policy</var>'s <span
data-x="embedder-policy-report-only-reporting-endpoint">report only reporting endpoint</span>,
and <var>owner</var>.</p></li>
"<code data-x="">reporting</code>", and <var>owner</var>.</p></li>

<li><p>If <var>ownerPolicy</var>'s <span data-x="embedder-policy-value">value</span> is "<code
data-x="coep-unsafe-none">unsafe-none</code>" or <var>policy</var>'s <span
Expand All @@ -80691,15 +80692,16 @@ interface <dfn>BarProp</dfn> {

<li><p><span>Queue a cross-origin embedder policy inheritance violation</span> with
<var>response</var>, "<code data-x="">worker initialization</code>", <var>owner's policy</var>'s
<span data-x="embedder-policy-reporting-endpoint">reporting endpoint</span>, and
<var>owner</var>.</p></li>
<span data-x="embedder-policy-reporting-endpoint">reporting endpoint</span>,
"<code data-x="">enforce</code>", and <var>owner</var>.</p></li>

<li><p>Return false.</p></li>
</ol>

<p>To <dfn>queue a cross-origin embedder policy inheritance violation</dfn> given a <span
data-x="concept-response">response</span> <var>response</var>, a string <var>type</var>, a string
<var>endpoint</var>, and an <span>environment settings object</span> <var>settings</var>:</p>
<var>endpoint</var>, a string <var>disposition</var> and an <span>environment settings object</span>
<var>settings</var>:</p>

<ol>
<li><p>Let <var>serialized</var> be the result of <span
Expand All @@ -80722,9 +80724,13 @@ interface <dfn>BarProp</dfn> {
<td><var>type</var></td>
</tr>
<tr>
<td>blocked-url</td>
<td>blockedURL</td>
<td><var>serialized</var></td>
</tr>
<tr>
<td>disposition</td>
<td><var>disposition</var></td>
</tr>
</tbody>
</table>
</li>
Expand Down Expand Up @@ -82860,7 +82866,7 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
flags</span> and <var>response</var>'s <span>forced sandboxing flag set</span>.</p></li>

<li><p>Set <var>responseOrigin</var> to the result of <span>determining the origin</span>
given <var>browsingContext</var>, <var>request's</var> <span
given <var>browsingContext</var>, <var>request</var>'s <span
data-x="concept-request-url">url</span>, <var>finalSandboxFlags</var>,
<var>incumbentNavigationOrigin</var>, and <var>activeDocumentNavigationOrigin</var>.</p></li>

Expand Down Expand Up @@ -82898,8 +82904,9 @@ interface <dfn>Location</dfn> { // but see also <a href="#the-location-interface
<span>cross-origin resource policy check</span> with <var>browsingContext</var>'s
<span data-x="bc-container-document">container document</span>'s <span>origin</span>,
<var>browsingContext</var>'s <span data-x="bc-container-document">container
document</span>'s <span>relevant settings object</span>, <var>response</var>, and true is
<b>blocked</b>, then set <var>response</var> to a <span>network error</span> and
document</span>'s <span>relevant settings object</span>, <var>request</var>'s <span
data-x="concept-request-destination">destination</span>, <var>response</var>, and true
is <b>blocked</b>, then set <var>response</var> to a <span>network error</span> and
<span>break</span>.</p>

<p class="note">Here we're running the <span>cross-origin resource policy check</span>
Expand Down

0 comments on commit 6d9f99c

Please sign in to comment.