Yes, this was updated in the spec but I forgot to update this document as well. Will do so shortly.
Thanks, Brandon On 06/11/2010 11:38 PM, Bil Corry wrote: > I noticed that the "details" page located here: > > > http://people.mozilla.org/~bsterne/content-security-policy/details.html#report-uri > > states that the violation report is an XML document -- e.g.: > > Sample report: > > <csp-report> > <request>GET /index.html HTTP/1.1</request> > <headers>Host: example.com > User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) > Gecko/2008061015 Firefox/3.0 > Accept: > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > </headers> > <blocked>http://evil.com/some_image.png</blocked> > </csp-report> > > But the spec itself states that it's JSON data. I'm guessing JSON was > selected over XML? > > > - Bil _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
