This attempts to ensure that an attacker who can inject a NEL policy for a small time window cannot cause that policy to persist forever. All policies will have a 48h "freshness" window, after which they need to be refreshed. When stale, they will still be used to send a final report, if a network error occurs, as long as they are not expired (that is, while they are still within their max_age expiry time).
Closes: #139
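
The freshness rule described above, modelled as an added example (not code from the pull request or the NEL specification). The field names, the helper functions, the boundary comparisons and the choice to drop a stale policy after its final report are assumptions of this sketch.

```javascript
const HOUR = 3600; // seconds
const FRESHNESS_WINDOW = 48 * HOUR; // the 48h window from the description

// Classify a stored policy at time `now` (seconds).
// `received` and `maxAge` are assumed field names for this sketch.
function policyState(policy, now) {
  const age = now - policy.received;
  if (age >= policy.maxAge) return "expired"; // past max_age: never used
  if (age >= FRESHNESS_WINDOW) return "stale"; // usable for one final report
  return "fresh";
}

// Decide what happens on a network error for `origin`.
// Returns true when a report is sent. Assumption: a stale policy is
// dropped once its final report has been sent, and an expired policy
// is dropped without reporting.
function onNetworkError(cache, origin, now) {
  const policy = cache.get(origin);
  if (!policy) return false;
  const state = policyState(policy, now);
  if (state === "fresh") return true;
  cache.delete(origin);
  return state === "stale";
}

// Receiving the policy header again restarts the freshness window.
function onPolicyHeader(cache, origin, maxAge, now) {
  cache.set(origin, { received: now, maxAge });
}

// Constructed scenario: a policy injected at t=0 with a one-year max_age
// and never refreshed afterwards.
function injectedPolicyTimeline() {
  const origin = "https://example.test"; // constructed origin
  const cache = new Map();
  onPolicyHeader(cache, origin, 365 * 24 * HOUR, 0);
  return [
    onNetworkError(cache, origin, 1 * HOUR),  // fresh: report sent
    onNetworkError(cache, origin, 49 * HOUR), // stale: final report, dropped
    onNetworkError(cache, origin, 50 * HOUR), // no policy left: no report
  ];
}

console.log(injectedPolicyTimeline());
```

Without the freshness window, the injected policy in this scenario would keep producing reports for the full year of its max_age.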