Security/CSP/Specification: Difference between revisions

Security/CSP/Specification (view source)

No change in size , 14 June 2010

m

canmove, Confirmed users

1,537

edits

@@ Line 249: / Line 249: @@
 ==Violation Report Syntax==
 User Agents MUST notify any provided report-uri when its containing policy is violated. These reports contain information about the protected resource and the violating content, and MUST be transmitted to any specified <tt>report-uri</tt>s via HTTP POST if available in the employed scheme, otherwise User Agents MUST choose an appropriate "submit" method.
-User Agents MUST not honor redirection responses.
+User Agents MUST NOT honor redirection responses.
 The report body MUST be a JSON object having the following properties:
@@ Line 258: / Line 258: @@
 ; <tt>original-policy</tt> : The original policy as served in the X-Content-Security-Policy HTTP header (or if there were multiple headers, a comma separated list of the policies)
-NOTE: in the case where a protected resource is not rendered because the <tt>frame-ancestors</tt> directive was violated, User Agents MUST not send <tt>blocked-uri</tt> (it is assumed to be the same as the request URI).
+NOTE: in the case where a protected resource is not rendered because the <tt>frame-ancestors</tt> directive was violated, User Agents MUST NOT send <tt>blocked-uri</tt> (it is assumed to be the same as the request URI).
 Violation Report JSON Format: