Reporting API aims to be a generalization of CSP reporting, but for use in other cases (crash reports, network errors, deprecation errors, etc).
I think we should not implement unless its opt in, for two broad reasons:
not user serving
This is explicitly designed to help web application developers, an individual user, at the margin, sees no benefit from it (and some harm / privacy risk). Its a favor from the user to the site owner, and should be treated as such (e.g. opt in). https://github.com/w3c/reporting/issues/168
privacy concerns
These have a weird lifetime (they live beyond the lifetime of the page), currently have no restriction on who they can be communicated to, they send message as POST so less info for URL based blocking to operate, etc. https://github.com/w3c/reporting/issues/169
My vote is to push for making the above changes to the standard, w/ the current authors, and to revisit a brave position if thats not successful
https://w3c.github.io/reporting/
Reporting API aims to be a generalization of CSP reporting, but for use in other cases (crash reports, network errors, deprecation errors, etc).
I think we should not implement unless its opt in, for two broad reasons:
not user serving This is explicitly designed to help web application developers, an individual user, at the margin, sees no benefit from it (and some harm / privacy risk). Its a favor from the user to the site owner, and should be treated as such (e.g. opt in). https://github.com/w3c/reporting/issues/168
privacy concerns These have a weird lifetime (they live beyond the lifetime of the page), currently have no restriction on who they can be communicated to, they send message as POST so less info for URL based blocking to operate, etc. https://github.com/w3c/reporting/issues/169
My vote is to push for making the above changes to the standard, w/ the current authors, and to revisit a brave position if thats not successful