Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(991)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 591413003: Add a mechanism for users to opt-out of CSP & XSS violations reports.

Created:
6 years, 3 months ago by Mayur Kankanwadi
Modified:
6 years, 2 months ago
CC:
blink-reviews, abarth-chromium, dglazkov+blink, blink-reviews-html_chromium.org, jamesr, mkwst+moarreviews_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Project:
blink
Visibility:
Public.

Description

Add a mechanism for users to opt-out of CSP & XSS violations reports. Added a setting to allow the users to opt out of sending CSP & XSS violation reports. This just has Blink side changes. BUG=392146

Patch Set 1 #

Total comments: 5

Patch Set 2 : Review comments incorporated. #

Total comments: 1

Patch Set 3 : Fixed function case inconsistency. #

Unified diffs Side-by-side diffs Delta from patch set Stats (+24 lines, -2 lines) Patch
M Source/core/frame/Settings.in View 1 2 1 chunk +4 lines, -0 lines 0 comments Download
M Source/core/frame/csp/ContentSecurityPolicy.cpp View 1 2 chunks +2 lines, -1 line 0 comments Download
M Source/core/html/parser/XSSAuditorDelegate.cpp View 1 2 2 chunks +2 lines, -1 line 0 comments Download
M Source/web/WebSettingsImpl.h View 1 1 chunk +3 lines, -0 lines 0 comments Download
M Source/web/WebSettingsImpl.cpp View 1 1 chunk +11 lines, -0 lines 0 comments Download
M public/web/WebSettings.h View 1 1 chunk +2 lines, -0 lines 0 comments Download

Messages

Total messages: 7 (2 generated)
Mike West
This looks pretty reasonable. Two comments inline. https://codereview.chromium.org/591413003/diff/1/Source/core/frame/Settings.in File Source/core/frame/Settings.in (right): https://codereview.chromium.org/591413003/diff/1/Source/core/frame/Settings.in#newcode301 Source/core/frame/Settings.in:301: CSPViolationReportsUploadOptOut initial=false ...
6 years, 3 months ago (2014-09-24 09:07:55 UTC) #2
Mayur Kankanwadi
Thanks for the review. Incorporated the comments. PTAL. Thanks. https://codereview.chromium.org/591413003/diff/1/Source/core/frame/Settings.in File Source/core/frame/Settings.in (right): https://codereview.chromium.org/591413003/diff/1/Source/core/frame/Settings.in#newcode301 Source/core/frame/Settings.in:301: ...
6 years, 2 months ago (2014-09-25 08:40:37 UTC) #3
Mike West
LGTM, if you promise to add a TestRunner method in a followup patch on the ...
6 years, 2 months ago (2014-09-25 16:59:38 UTC) #4
Mayur Kankanwadi
Hi Adam & James, Please review the public and source/web folder related changes in this ...
6 years, 2 months ago (2014-09-25 17:58:44 UTC) #6
Mayur Kankanwadi
6 years, 2 months ago (2014-09-26 05:29:12 UTC) #7 
Hi Mike,
Thanks for the review.
I will follow up this issue and complete the steps mentioned.
Let's see where this heads. :)

> LGTM, if you promise to add a TestRunner method in a followup patch on the
> Chromium side (see //content/shell/renderer/test_runner/test_runner.h), and
then
> to add layout tests which verify that reports aren't set if the setting is
> toggled in a followup patch on the Blink side.
> 
> You'll still need an OWNER of public and source/web to review the CL, of
course.
> 
>
https://codereview.chromium.org/591413003/diff/20001/Source/core/frame/Settin...
> File Source/core/frame/Settings.in (right):
> 
>
https://codereview.chromium.org/591413003/diff/20001/Source/core/frame/Settin...
> Source/core/frame/Settings.in:302: xssViolationReportsEnabled initial=true
> Nit: Either uppercase or lowercase both "CSP" and "XSS". I don't care which
you
> choose, but please be consistent.

Powered by Google App Engine
This is Rietveld 408576698