Remove request-headers from CSP violation reports.
authorAdam Barth <w3c@adambarth.com>
Thu, 02 Feb 2012 13:04:11 -0800
changeset 80044c8c389ad8
parent 79 516e5ca5ddc5
child 81 efb41b4e355c
Remove request-headers from CSP violation reports.
csp-specification.dev.html
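--- a/csp-specification.dev.html
+++ b/csp-specification.dev.html
@@ -1069,10 +1069,6 @@
               <dd>HTTP request line of the protected resource whose policy was
               violated including method, URI and HTTP version</dd>
 
-              <dt>request-headers</dt>
-              <dd>HTTP request headers sent with the request for the protected
-              resource whose policy was violated</dd>
-
               <dt>blocked-uri</dt>
               <dd>URI of the resource that was prevented from loading due to
               the policy violation</dd>
@@ -1248,15 +1244,6 @@
         <pre>{
   "csp-report": {
     "request": "GET http://example.org/page.html HTTP/1.1",
-    "request-headers": "Host: example.org
-                        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:2.0b12pre) Gecko/20110222 Firefox/4.0b12pre
-                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
-                        Accept-Language: en-us,en;q=0.5
-                        Accept-Encoding: gzip, deflate
-                        Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
-                        Keep-Alive: 115
-                        Proxy-Connection: keep-alive
-                        Cache-Control: max-age=0",
     "blocked-uri": "http://evil.example.com/image.png",
     "violated-directive": "default-src http://example.org"
   }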