Anyone know the technical details of how @WIRED collected, parsed and used their copious CSP violation reports?
-
-
do you develop heuristics to filter those out?
-
We're thinking about it (quite a lot), but there's currently no solution that would make me happy.
-
:
@getsentry has some explicit matches to filter popular things out;@zeeg how's it working so far?pic.twitter.com/hafTYHdB9C
-
the major concern is CSP is a lot of stuff you don’t care about, but some you do. Errors are opposite.
-
Yes. + CSP reports are often for extension-added scripts and the report has no data to distinguish them from real bugs
End of conversation
New conversation -
-
-
... and so called "Internet Security Suites" injecting their JS in every webpage, because security!
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.