Report body interfaces

Looking at Chromium's implementation, I see a lot of "report body" interfaces:

- [`ReportBody`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/frame/report_body.idl)
- [`CSPViolationReportBody`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/frame/csp/csp_violation_report_body.idl)
- [`CoopAccessViolationReportBody`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/frame/coop_access_violation_report_body.idl)
- [`DeprecationReportBody`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/frame/deprecation_report_body.idl)
- [`InterventionReportBody`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/frame/intervention_report_body.idl)
- [`DocumentPolicyViolationReportBody`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/frame/document_policy_violation_report_body.idl)
- [`FeaturePolicyViolationReportBody`](https://source.chromium.org/chromium/chromium/src/+/master:third_party/blink/renderer/core/frame/feature_policy_violation_report_body.idl)

However, most of these don't exist in specifications. And, many of them are using `[NoInterfaceObject]`, which no longer exists on the web platform (it was removed from Web IDL).

I'm unsure how the spec is supposed to work here, and the specs definitely don't seem to match implementations.

- The Reporting API's ["queue a violation report" algorithm](https://w3c.github.io/reporting/#queue-report) takes an "object". But, the `ReportingObserver` API uses `ReportBody`, so is there an implicit requirement that such objects be subclasses of `ReportBody`?

- Some specs appear to fill this out using a generic "a new object" language, e.g. [Fetch](https://fetch.spec.whatwg.org/#queue-a-cross-origin-embedder-policy-corp-violation-report) and [COEP](https://html.spec.whatwg.org/#queue-a-cross-origin-embedder-policy-inheritance-violation). This does not involve any interfaces. The proposed COOP reporting spec in https://github.com/whatwg/html/pull/5518 does the same, although as noted above, the in-progress Chromium implementation seems to use an interface. How do these things show up in `ReportingObserver`?

- I can't figure out what the CSP spec is doing, but it certainly doesn't use `CSPViolationReportBody`.

- I can't find any spec for `InterventionReportBody` or `DeprecationReportBody`.

- `DocumentPolicyViolationReportBody` doesn't exist in [Document Policy](https://w3c.github.io/webappsec-permissions-policy/document-policy.html), and I can't find where that spec queues reports. Maybe that part isn't written yet?

- Permissions Policy seems to be fully on board the interface train: it declares [a proper, non-NoInterfaceObject report body interface](https://w3c.github.io/webappsec-permissions-policy/#permissionspolicyviolationreportbody), and sends that through the "queue a violation report" algorithm.

This seems like a pretty big mess.

My recommendation if we were starting from scratch would be to not use interfaces for this, and have "queue a violation report" take either an object, or something more structured (like a `record<USVString, any>` or an Infra ordered map) to give guidance to callers. Implementations could unobservably use IDL dictionaries behind the scenes if they wanted, but specs would use the Fetch/COEP/COOP style of just supplying a table of keys/values. And we'd get rid of `ReportBody` entirely and make `ReportingObserver`'s `body` just an `object?` instead of a `ReportBody?`.

However, we're not starting from scratch, so I'm unsure what the best path forward is.

/cc @clelland @camillelamy @mikewest

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Report body interfaces #216

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Report body interfaces #216

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions