I noticed that the "details" page located here:

http://people.mozilla.org/~bsterne/content-security-policy/details.html#report-uri

states that the violation report is an XML document -- e.g.:

        Sample report:

        <csp-report>
          <request>GET /index.html HTTP/1.1</request>
          <headers>Host: example.com
                   User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) Gecko/2008061015 Firefox/3.0
                   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
          </headers>
          <blocked>http://evil.com/some_image.png</blocked>
        </csp-report>

But the spec itself states that it's JSON data.  I'm guessing JSON was selected 
over XML?


- Bil
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
