canmove, Confirmed users
1,537
edits
Security/CSP/Spec: Difference between revisions
Jump to navigation
Jump to search
m
→Handling Parse Errors
| Line 514: | Line 514: | ||
;Unrecognized <tt>options</tt> token: If an unrecognized token is present in the <tt>options</tt> directive value, it is ignored and a warning message is logged to the Error Console stating the unrecognized token. | ;Unrecognized <tt>options</tt> token: If an unrecognized token is present in the <tt>options</tt> directive value, it is ignored and a warning message is logged to the Error Console stating the unrecognized token. | ||
;Missing "allow": If the "allow" directive is not present, a warning message is logged to the Error Console and "allow none" is assumed by the policy. The rest of the policy is enforced as written assuming no other policy errors are encountered. | ;Missing "allow": If the "allow" directive is not present, a warning message is logged to the Error Console and "allow 'none'" is assumed by the policy. The rest of the policy is enforced as written assuming no other policy errors are encountered. | ||
;Directive Syntax Error: When any known directive contains a value that violates [[Security/CSP/Spec#Policy_Language_and_Syntax|CSP syntax]], Content Security Policy follows a "fail closed" security model and falls back to the most secure policy, "allow none". | ;Directive Syntax Error: When any known directive contains a value that violates [[Security/CSP/Spec#Policy_Language_and_Syntax|CSP syntax]], Content Security Policy follows a "fail closed" security model and falls back to the most secure policy, "allow 'none'". | ||
;No Recognized Directives: If no recognized directives are present in the stated policy, a warning message will be logged to the Error Console stating "invalid policy", and CSP will enforce the policy "allow none". | ;No Recognized Directives: If no recognized directives are present in the stated policy, a warning message will be logged to the Error Console stating "invalid policy", and CSP will enforce the policy "allow 'none'". | ||
;Other Parsing Errors: Any other parsing errors not covered here may cause CSP to fail closed. If such a case should arise, a message will be logged to the Error Console describing the violation. | ;Other Parsing Errors: Any other parsing errors not covered here may cause CSP to fail closed. If such a case should arise, a message will be logged to the Error Console describing the violation. | ||