Add Content Security Policy

Author: bsafwen

baselines/dom.generated.d.ts

@@ -1693,14 +1693,16 @@ interface ScrollToOptions extends ScrollOptions {
 interface SecurityPolicyViolationEventInit extends EventInit {
     blockedURI?: string;
     columnNumber?: number;
-    documentURI?: string;
-    effectiveDirective?: string;
+    disposition: SecurityPolicyViolationEventDisposition;
+    documentURI: string;
+    effectiveDirective: string;
     lineNumber?: number;
-    originalPolicy?: string;
+    originalPolicy: string;
     referrer?: string;
+    sample?: string;
     sourceFile?: string;
-    statusCode?: number;
-    violatedDirective?: string;
+    statusCode: number;
+    violatedDirective: string;
 }
 
 interface ShadowRootInit {
@@ -2620,6 +2622,25 @@ declare var CDATASection: {
     new(): CDATASection;
 };
 
+interface CSPViolationReportBody extends ReportBody {
+    readonly blockedURL: string | null;
+    readonly columnNumber: number | null;
+    readonly disposition: SecurityPolicyViolationEventDisposition;
+    readonly documentURL: string;
+    readonly effectiveDirective: string;
+    readonly lineNumber: number | null;
+    readonly originalPolicy: string;
+    readonly referrer: string | null;
+    readonly sample: string | null;
+    readonly sourceFile: string | null;
+    readonly statusCode: number;
+}
+
+declare var CSPViolationReportBody: {
+    prototype: CSPViolationReportBody;
+    new(): CSPViolationReportBody;
+};
+
 /** A single condition CSS at-rule, which consists of a condition and a statement block. It is a child of CSSGroupingRule. */
 interface CSSConditionRule extends CSSGroupingRule {
     conditionText: string;
@@ -3662,6 +3683,16 @@ declare var CountQueuingStrategy: {
     new(init: QueuingStrategyInit): CountQueuingStrategy;
 };
 
+interface CrashReportBody extends ReportBody {
+    readonly crashId: string;
+    readonly reason: string | null;
+}
+
+declare var CrashReportBody: {
+    prototype: CrashReportBody;
+    new(): CrashReportBody;
+};
+
 interface Credential {
     readonly id: string;
     readonly type: string;
@@ -4304,6 +4335,20 @@ declare var DelayNode: {
     new(context: BaseAudioContext, options?: DelayOptions): DelayNode;
 };
 
+interface DeprecationReportBody extends ReportBody {
+    readonly anticipatedRemoval: Date | null;
+    readonly columnNumber: number | null;
+    readonly id: string;
+    readonly lineNumber: number | null;
+    readonly message: string;
+    readonly sourceFile: string | null;
+}
+
+declare var DeprecationReportBody: {
+    prototype: DeprecationReportBody;
+    new(): DeprecationReportBody;
+};
+
 /** Provides information about the amount of acceleration the device is experiencing along all three axes. */
 interface DeviceAcceleration {
     readonly x: number | null;
@@ -9621,6 +9666,19 @@ declare var IntersectionObserverEntry: {
     new(intersectionObserverEntryInit: IntersectionObserverEntryInit): IntersectionObserverEntry;
 };
 
+interface InterventionReportBody extends ReportBody {
+    readonly columnNumber: number | null;
+    readonly id: string;
+    readonly lineNumber: number | null;
+    readonly message: string;
+    readonly sourceFile: string | null;
+}
+
+declare var InterventionReportBody: {
+    prototype: InterventionReportBody;
+    new(): InterventionReportBody;
+};
+
 /** KeyboardEvent objects describe a user interaction with the keyboard; each event describes a single interaction between the user and a key (or combination of a key with modifier keys) on the keyboard. */
 interface KeyboardEvent extends UIEvent {
     readonly altKey: boolean;
@@ -12436,6 +12494,25 @@ interface ReadableStreamGenericReader {
     cancel(reason?: any): Promise<void>;
 }
 
+interface Report {
+    readonly body: ReportBody | null;
+    readonly type: string;
+    readonly url: string;
+}
+
+declare var Report: {
+    prototype: Report;
+    new(): Report;
+};
+
+interface ReportBody {
+}
+
+declare var ReportBody: {
+    prototype: ReportBody;
+    new(): ReportBody;
+};
+
 /** This Fetch API interface represents a resource request. */
 interface Request extends Body {
     /**
@@ -14660,11 +14737,13 @@ declare var ScriptProcessorNode: {
 interface SecurityPolicyViolationEvent extends Event {
     readonly blockedURI: string;
     readonly columnNumber: number;
+    readonly disposition: SecurityPolicyViolationEventDisposition;
     readonly documentURI: string;
     readonly effectiveDirective: string;
     readonly lineNumber: number;
     readonly originalPolicy: string;
     readonly referrer: string;
+    readonly sample: string;
     readonly sourceFile: string;
     readonly statusCode: number;
     readonly violatedDirective: string;
@@ -19833,6 +19912,7 @@ type ScrollBehavior = "auto" | "smooth";
 type ScrollLogicalPosition = "center" | "end" | "nearest" | "start";
 type ScrollRestoration = "auto" | "manual";
 type ScrollSetting = "" | "up";
+type SecurityPolicyViolationEventDisposition = "enforce" | "report";
 type SelectionMode = "end" | "preserve" | "select" | "start";
 type ServiceWorkerState = "activated" | "activating" | "installed" | "installing" | "parsed" | "redundant";
 type ServiceWorkerUpdateViaCache = "all" | "imports" | "none";

baselines/webworker.generated.d.ts

@@ -501,6 +501,21 @@ interface RsaPssParams extends Algorithm {
     saltLength: number;
 }
 
+interface SecurityPolicyViolationEventInit extends EventInit {
+    blockedURI?: string;
+    columnNumber?: number;
+    disposition: SecurityPolicyViolationEventDisposition;
+    documentURI: string;
+    effectiveDirective: string;
+    lineNumber?: number;
+    originalPolicy: string;
+    referrer?: string;
+    sample?: string;
+    sourceFile?: string;
+    statusCode: number;
+    violatedDirective: string;
+}
+
 interface StorageEstimate {
     quota?: number;
     usage?: number;
@@ -2851,6 +2866,27 @@ declare var Response: {
     redirect(url: string, status?: number): Response;
 };
 
+/** Inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated. */
+interface SecurityPolicyViolationEvent extends Event {
+    readonly blockedURI: string;
+    readonly columnNumber: number;
+    readonly disposition: SecurityPolicyViolationEventDisposition;
+    readonly documentURI: string;
+    readonly effectiveDirective: string;
+    readonly lineNumber: number;
+    readonly originalPolicy: string;
+    readonly referrer: string;
+    readonly sample: string;
+    readonly sourceFile: string;
+    readonly statusCode: number;
+    readonly violatedDirective: string;
+}
+
+declare var SecurityPolicyViolationEvent: {
+    prototype: SecurityPolicyViolationEvent;
+    new(type: string, eventInitDict?: SecurityPolicyViolationEventInit): SecurityPolicyViolationEvent;
+};
+
 interface ServiceWorkerEventMap extends AbstractWorkerEventMap {
     "statechange": Event;
 }
@@ -5983,6 +6019,7 @@ type RequestMode = "cors" | "navigate" | "no-cors" | "same-origin";
 type RequestRedirect = "error" | "follow" | "manual";
 type ResizeQuality = "high" | "low" | "medium" | "pixelated";
 type ResponseType = "basic" | "cors" | "default" | "error" | "opaque" | "opaqueredirect";
+type SecurityPolicyViolationEventDisposition = "enforce" | "report";
 type ServiceWorkerState = "activated" | "activating" | "installed" | "installing" | "parsed" | "redundant";
 type ServiceWorkerUpdateViaCache = "all" | "imports" | "none";
 type VisibilityState = "hidden" | "visible";

inputfiles/idl/Content Security Policy Level 3.widl

@@ -0,0 +1,50 @@
+[Exposed=Window]
+interface CSPViolationReportBody : ReportBody {
+  readonly attribute USVString documentURL;
+  readonly attribute USVString? referrer;
+  readonly attribute USVString? blockedURL;
+  readonly attribute DOMString effectiveDirective;
+  readonly attribute DOMString originalPolicy;
+  readonly attribute USVString? sourceFile;
+  readonly attribute DOMString? sample;
+  readonly attribute SecurityPolicyViolationEventDisposition disposition;
+  readonly attribute unsigned short statusCode;
+  readonly attribute unsigned long? lineNumber;
+  readonly attribute unsigned long? columnNumber;
+};
+
+enum SecurityPolicyViolationEventDisposition {
+  "enforce", "report"
+};
+
+[Exposed=(Window,Worker)]
+interface SecurityPolicyViolationEvent : Event {
+    constructor(DOMString type, optional SecurityPolicyViolationEventInit eventInitDict = {});
+    readonly    attribute USVString      documentURI;
+    readonly    attribute USVString      referrer;
+    readonly    attribute USVString      blockedURI;
+    readonly    attribute DOMString      effectiveDirective;
+    readonly    attribute DOMString      violatedDirective; // historical alias of effectiveDirective
+    readonly    attribute DOMString      originalPolicy;
+    readonly    attribute USVString      sourceFile;
+    readonly    attribute DOMString      sample;
+    readonly    attribute SecurityPolicyViolationEventDisposition      disposition;
+    readonly    attribute unsigned short statusCode;
+    readonly    attribute unsigned long  lineNumber;
+    readonly    attribute unsigned long  columnNumber;
+};
+
+dictionary SecurityPolicyViolationEventInit : EventInit {
+    required USVString      documentURI;
+             USVString      referrer = "";
+             USVString      blockedURI = "";
+    required DOMString      violatedDirective;
+    required DOMString      effectiveDirective;
+    required DOMString      originalPolicy;
+             USVString      sourceFile = "";
+             DOMString      sample = "";
+    required SecurityPolicyViolationEventDisposition disposition;
+    required unsigned short statusCode;
+             unsigned long  lineNumber = 0;
+             unsigned long  columnNumber = 0;
+};

inputfiles/idl/Reporting.widl

@@ -0,0 +1,51 @@
+interface ReportBody {
+};
+
+interface Report {
+  readonly attribute DOMString type;
+  readonly attribute DOMString url;
+  readonly attribute ReportBody? body;
+};
+
+[Constructor(ReportingObserverCallback callback, optional ReportingObserverOptions options)]
+interface ReportingObserver {
+  void observe();
+  void disconnect();
+  ReportList takeRecords();
+};
+
+callback ReportingObserverCallback = void (sequence<Report> reports, ReportingObserver observer);
+
+dictionary ReportingObserverOptions {
+  sequence<DOMString> types;
+  boolean buffered = false;
+};
+
+typedef sequence<Report> ReportList;
+
+interface DeprecationReportBody : ReportBody {
+  readonly attribute DOMString id;
+  readonly attribute Date? anticipatedRemoval;
+  readonly attribute DOMString message;
+  readonly attribute DOMString? sourceFile;
+  readonly attribute unsigned long? lineNumber;
+  readonly attribute unsigned long? columnNumber;
+};
+
+interface InterventionReportBody : ReportBody {
+  readonly attribute DOMString id;
+  readonly attribute DOMString message;
+  readonly attribute DOMString? sourceFile;
+  readonly attribute unsigned long? lineNumber;
+  readonly attribute unsigned long? columnNumber;
+};
+
+interface CrashReportBody : ReportBody {
+  readonly attribute DOMString crashId;
+  readonly attribute DOMString? reason;
+};
+
+dictionary GenerateTestReportParameters {
+  required DOMString message;
+  DOMString group;
+};

inputfiles/idlSources.json

@@ -697,5 +697,13 @@
     {
         "url": "https://html.spec.whatwg.org/multipage/web-messaging.html",
         "title": "Web Messaging"
+    },
+    {
+        "url": "https://www.w3.org/TR/CSP3",
+        "title": "Content Security Policy Level 3"
+    },
+    {
+        "url": "https://www.w3.org/TR/reporting/",
+        "title": "Reporting"
     }
-]
+]