Hi, I found out that some browser engines behave differently when a beacon request is blocked by CSP policy (it happens when domain is not specified in connect-src section of the CSP header). As far as I see, the spec does not define what is the "right" value to return in this case: https://www.w3.org/TR/beacon/#return-value
Actual behavior
Safari, Chrome: sendBeacon returns true
Firefox: sendBeacon returns false
Expected behavior
Work consistently across browsers.
ps: I'm not 100% sure if this is the right place to open an issue, but I figured that it would be reasonable to first figure out what behavior is “canonical” in this scenario. I would greatly appreciate any thoughts on this. Thanks!
Hi, I found out that some browser engines behave differently when a beacon request is blocked by CSP policy (it happens when domain is not specified in
connect-src
section of the CSP header). As far as I see, the spec does not define what is the "right" value to return in this case: https://www.w3.org/TR/beacon/#return-valueActual behavior
sendBeacon
returnstrue
sendBeacon
returnsfalse
Expected behavior
Work consistently across browsers.
ps: I'm not 100% sure if this is the right place to open an issue, but I figured that it would be reasonable to first figure out what behavior is “canonical” in this scenario. I would greatly appreciate any thoughts on this. Thanks!
The reproduction is here: https://chernodub.dev/beacon (source code https://github.com/chernodub/chernodub.github.io/blob/main/src/pages/beacon.html)
Steps to reproduce
Try playing with reproduction in different browsers