@@ -1122,10 +1122,12 @@ spec:SRI; urlPrefix: https://w3c.github.io/webappsec-subresource-integrity
11221122 1. Let |document URL| be the empty [=string=] .
11231123 1. Let |global| be the |request|'s [=request/client=]' s [=/global object=] .
11241124 1. If |global| is a {{Window}} , set |document URL| to |global|'s [=document=]' s [=Document/URL=] .
1125+ 1. Let |stripped document URL| to be the result of executing [[#strip-url-for-use-in-reports]]
1126+ on |document URL|.
11251127 1. If |policy|'s [=directive set=] does not contain a [=directive=] named "report-to", return.
11261128 1. Let |report-to directive| be a [=directive=] named "report-to" from |policy|'s [=directive
11271129 set=] .
1128- 1. Let |body| be a [=csp hash report body=] with |document URL| as its [=documentURL=] ,
1130+ 1. Let |body| be a [=csp hash report body=] with |stripped document URL| as its [=documentURL=] ,
11291131 |request|'s URL as its [=subresourceURL=] , |hash| as its
11301132 [=hash=] , and "subresource" as its [=csp hash report body/type=] .
11311133 1. [=Generate and queue a report=] with the following arguments:
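Review bot: Only documentURL is stripped in the rewritten |body| step. |request|'s URL is still passed unchanged as subresourceURL, so if the goal is to keep sensitive URL parts out of hash reports, run it through [[#strip-url-for-use-in-reports]] as well, or state why it is exempt. The added step also runs while |document URL| can still be the empty string (when |global| is not a {{Window}}), so confirm the strip algorithm is defined for that input or guard the step. Wording: "Let |stripped document URL| to be the result" should read "Let |stripped document URL| be the result", matching the other Let steps here.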
@@ -3792,29 +3794,30 @@ Content-Type: application/reports+json
37923794
37933795 1. If |request|'s <a for="request">destination</a> is <a for="request/destination">script-like</a> :
37943796
3797+ 1. Call [=potentially report hash=] with |response|, |request|, |directive| and |policy|.
3798+
37953799 1. If the result of executing [[#match-nonce-to-source-list]] on
37963800 |request|'s <a for="request">cryptographic nonce metadata</a> and this
37973801 directive's <a for="directive">value</a> is "`Matches`", return
37983802 "`Allowed`".
37993803
3800- 2 . If the result of executing
3804+ 1 . If the result of executing
38013805 [[#match-integrity-metadata-to-source-list]] on |request|'s <a
38023806 for="request"> integrity metadata</a> and this directive's <a
38033807 for="directive"> value</a> is "`Matches`", return "`Allowed`".
38043808
3805- 3 . If |directive|'s <a for="directive">value</a> contains
3809+ 1 . If |directive|'s <a for="directive">value</a> contains
38063810 "<a grammar>`'strict-dynamic'`</a> ":
38073811
38083812 1. If |request|'s <a for="request">parser metadata</a> is not
38093813 <a>"parser-inserted"</a> , return "`Allowed`".
38103814
38113815 Otherwise, return "`Blocked`".
38123816
3813- 4 . If the result of executing [[#match-response-to-source-list]] on
3817+ 1 . If the result of executing [[#match-response-to-source-list]] on
38143818 |response|, |request|, |directive|'s <a for="directive">value</a> ,
38153819 and |policy|, is "`Does Not Match`", return "`Blocked`".
38163820
3817- 5. Call [=potentially report hash=] with |response|, |request|, |directive| and |policy|.
38183821 2. Return "`Allowed`".
38193822
38203823 <h4 id="matching-urls">URL Matching</h4>
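Review bot: Placed as the first sub-step of the script-like branch, the call to [=potentially report hash=] now runs ahead of every early return, including the "`Blocked`" return under 'strict-dynamic' and the "`Does Not Match`" return, whereas the removed step 5 was reached only after the source-list check had passed. If reporting hashes for responses that the same directive then blocks is intended, add a note next to the new step saying so. If the aim is only to cover the nonce, integrity and 'strict-dynamic' "`Allowed`" returns, say that instead and consider whether the blocked paths should skip the call.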