Here it is in the spec: https://wiki.mozilla.org/Security/CSP/Specification#Violation_Report_Syntax
-Sid On 06/14/2010 09:34 AM, Brandon Sterne wrote: > Yes, this was updated in the spec but I forgot to update this document > as well. Will do so shortly. > > Thanks, > Brandon > > > On 06/11/2010 11:38 PM, Bil Corry wrote: >> I noticed that the "details" page located here: >> >> >> http://people.mozilla.org/~bsterne/content-security-policy/details.html#report-uri >> >> states that the violation report is an XML document -- e.g.: >> >> Sample report: >> >> <csp-report> >> <request>GET /index.html HTTP/1.1</request> >> <headers>Host: example.com >> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9) >> Gecko/2008061015 Firefox/3.0 >> Accept: >> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >> </headers> >> <blocked>http://evil.com/some_image.png</blocked> >> </csp-report> >> >> But the spec itself states that it's JSON data. I'm guessing JSON was >> selected over XML? >> >> >> - Bil _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security