Canmove, confirm
1,537
edits
Changes
m
→Violation Report Syntax: MUST NOT!
==Violation Report Syntax==
User Agents MUST notify any provided report-uri when its containing policy is violated. These reports contain information about the protected resource and the violating content, and MUST be transmitted to any specified <tt>report-uri</tt>s via HTTP POST if available in the employed scheme, otherwise User Agents MUST choose an appropriate "submit" method.
User Agents MUST not NOT honor redirection responses.
The report body MUST be a JSON object having the following properties:
; <tt>original-policy</tt> : The original policy as served in the X-Content-Security-Policy HTTP header (or if there were multiple headers, a comma separated list of the policies)
NOTE: in the case where a protected resource is not rendered because the <tt>frame-ancestors</tt> directive was violated, User Agents MUST not NOT send <tt>blocked-uri</tt> (it is assumed to be the same as the request URI).
Violation Report JSON Format:
