[Editorial] Fix csp-hash report type in example (#729)

antosart · github-actions[bot] · antosart · commit e7d025713f11 · 2025-05-30T08:15:28.000Z
SHA: 2d2653d Reason: push, by antosart Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
diff --git a/index.html b/index.html
@@ -5,9 +5,9 @@
   <title>Content Security Policy Level 3</title>
   <meta content="WD" name="w3c-status">
   <link href="https://www.w3.org/StyleSheets/TR/2021/W3C-WD" rel="stylesheet">
-  <meta content="Bikeshed version b25686b9f, updated Fri Mar 14 14:15:20 2025 -0700" name="generator">
+  <meta content="Bikeshed version 9a7a6709a, updated Tue May 27 16:45:34 2025 -0700" name="generator">
   <link href="https://www.w3.org/TR/CSP3/" rel="canonical">
-  <meta content="205cac6ee7805e30b7ec98c344bf5e9d67ce717d" name="revision">
+  <meta content="2d2653df20b99b4304b46b203afba40c116d26e7" name="revision">
   <meta content="dark light" name="color-scheme">
   <link href="https://www.w3.org/StyleSheets/TR/2021/dark.css" media="(prefers-color-scheme: dark)" rel="stylesheet" type="text/css">
 <style>
@@ -771,13 +771,13 @@
   <div class="head">
    <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72"> </a> </p>
    <h1>Content Security Policy Level 3</h1>
-   <p id="w3c-state"><a href="https://www.w3.org/standards/types/#WD">W3C Working Draft</a>, <time class="dt-updated" datetime="2025-04-30">30 April 2025</time></p>
+   <p id="w3c-state"><a href="https://www.w3.org/standards/types/#WD">W3C Working Draft</a>, <time class="dt-updated" datetime="2025-05-30">30 May 2025</time></p>
    <details open>
     <summary>More details about this document</summary>
     <div data-fill-with="spec-metadata">
      <dl>
       <dt>This version:
-      <dd><a class="u-url" href="https://www.w3.org/TR/2025/WD-CSP3-20250430/">https://www.w3.org/TR/2025/WD-CSP3-20250430/</a>
+      <dd><a class="u-url" href="https://www.w3.org/TR/2025/WD-CSP3-20250530/">https://www.w3.org/TR/2025/WD-CSP3-20250530/</a>
       <dt>Latest published version:
       <dd><a href="https://www.w3.org/TR/CSP3/">https://www.w3.org/TR/CSP3/</a>
       <dt>Editor's Draft:
@@ -2305,8 +2305,8 @@ <h2 class="heading settled" data-level="5" id="reporting"><span class="secno">5.
     <p><a data-link-type="dfn" href="#csp-hash-report" id="ref-for-csp-hash-report">csp hash reports</a> have the <a data-link-type="dfn" href="https://w3c.github.io/reporting/#report-type" id="ref-for-report-type①">report type</a> "csp-hash".</p>
     <p><a data-link-type="dfn" href="#csp-hash-report" id="ref-for-csp-hash-report①">csp hash reports</a> are not <a data-link-type="dfn" href="https://w3c.github.io/reporting/#visible-to-reportingobservers" id="ref-for-visible-to-reportingobservers①">visible to <code>ReportingObserver</code>s</a>. </p>
     <p>A <dfn class="dfn-paneled" data-dfn-type="dfn" data-noexport id="csp-hash-report-body">csp hash report body</dfn> is a <a data-link-type="dfn" href="https://infra.spec.whatwg.org/#struct" id="ref-for-struct">struct</a> with the following fields: <dfn class="dfn-paneled" data-dfn-for="csp hash report body" data-dfn-type="dfn" data-noexport id="csp-hash-report-body-documenturl">documentURL</dfn>, <dfn class="dfn-paneled" data-dfn-for="csp hash report body" data-dfn-type="dfn" data-noexport id="csp-hash-report-body-subresourceurl">subresourceURL</dfn>, <dfn class="dfn-paneled" data-dfn-for="csp hash report body" data-dfn-type="dfn" data-noexport id="csp-hash-report-body-hash">hash</dfn>, <dfn class="dfn-paneled" data-dfn-for="csp hash report body" data-dfn-type="dfn" data-noexport id="csp-hash-report-body-destination">destination</dfn>, <dfn class="dfn-paneled" data-dfn-for="csp hash report body" data-dfn-type="dfn" data-noexport id="csp-hash-report-body-type">type</dfn>. </p>
-    <div class="example" id="example-f176bd19">
-     <a class="self-link" href="#example-f176bd19"></a> When a document’s response contains the headers: 
+    <div class="example" id="example-8421c01a">
+     <a class="self-link" href="#example-8421c01a"></a> When a document’s response contains the headers: 
 <pre class="language-http highlight">Reporting-Endpoints: hashes-endpoint="https://example.com/reports"
 Content-Security-Policy: script-src 'self' 'report-sha256'; report-to hashes-endpoint
 </pre>
@@ -2317,7 +2317,7 @@ <h2 class="heading settled" data-level="5" id="reporting"><span class="secno">5.
 Content-Type: application/reports+json
 
 [{
-  "type": "csp-hash-report",
+  "type": "csp-hash",
   "age": 12,
   "url": "https://example.com/",
   "user_agent": "Mozilla/5.0 (X11; Linux i686; rv:132.0) Gecko/20100101 Firefox/132.0",
@@ -2560,9 +2560,9 @@ <h3 class="heading settled algorithm" data-algorithm="Report a violation" data-l
              <dd data-md>
               <p><var>violation</var>’s <a data-link-type="dfn" href="#violation-global-object" id="ref-for-violation-global-object⑥">global object</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#relevant-settings-object" id="ref-for-relevant-settings-object">relevant settings
   object</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin①">origin</a></p>
-             <dt data-md><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-window" id="ref-for-concept-request-window">window</a>
+             <dt data-md><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-window" id="ref-for-concept-request-window">traversable for user prompts</a>
              <dd data-md>
-              <p>"<code>no-window</code>"</p>
+              <p>"<code>no-traversable</code>"</p>
              <dt data-md><a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-request-client" id="ref-for-concept-request-client⑤">client</a>
              <dd data-md>
               <p><var>violation</var>’s <a data-link-type="dfn" href="#violation-global-object" id="ref-for-violation-global-object⑦">global object</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#relevant-settings-object" id="ref-for-relevant-settings-object①">relevant
@@ -5571,9 +5571,9 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><span class="dfn-paneled" id="55213b5b">request</span>
      <li><span class="dfn-paneled" id="ee7bba09">response</span>
      <li><span class="dfn-paneled" id="d8fc72f5">script-like</span>
+     <li><span class="dfn-paneled" id="d6bb2376">traversable for user prompts</span>
      <li><span class="dfn-paneled" id="dc1cd39b">URL <small>(for request)</small></span>
      <li><span class="dfn-paneled" id="3268a8eb">URL <small>(for response)</small></span>
-     <li><span class="dfn-paneled" id="1ab127d6">window</span>
     </ul>
    <li>
     <a data-link-type="biblio">[HTML]</a> defines the following terms:
@@ -5833,7 +5833,7 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
    <dt id="biblio-reporting">[REPORTING]
    <dd>Ilya Grigorik; Mike West. <a href="https://wicg.github.io/reporting/"><cite>Reporting API</cite></a>. URL: <a href="https://wicg.github.io/reporting/">https://wicg.github.io/reporting/</a>
    <dt id="biblio-reporting-1">[REPORTING-1]
-   <dd>Douglas Creager; Ian Clelland; Mike West. <a href="https://www.w3.org/TR/reporting-1/"><cite>Reporting API</cite></a>. 13 August 2024. WD. URL: <a href="https://www.w3.org/TR/reporting-1/">https://www.w3.org/TR/reporting-1/</a>
+   <dd>Douglas Creager; Ian Clelland; Mike West. <a href="https://www.w3.org/TR/reporting-1/"><cite>Reporting API</cite></a>. 15 May 2025. WD. URL: <a href="https://www.w3.org/TR/reporting-1/">https://www.w3.org/TR/reporting-1/</a>
    <dt id="biblio-rfc2119">[RFC2119]
    <dd>S. Bradner. <a href="https://datatracker.ietf.org/doc/html/rfc2119"><cite>Key words for use in RFCs to Indicate Requirement Levels</cite></a>. March 1997. Best Current Practice. URL: <a href="https://datatracker.ietf.org/doc/html/rfc2119">https://datatracker.ietf.org/doc/html/rfc2119</a>
    <dt id="biblio-rfc3492">[RFC3492]
@@ -5870,7 +5870,7 @@ <h3 class="no-num no-ref heading settled" id="normative"><span class="content">N
   <h3 class="no-num no-ref heading settled" id="informative"><span class="content">Informative References</span><a class="self-link" href="#informative"></a></h3>
   <dl>
    <dt id="biblio-appmanifest">[APPMANIFEST]
-   <dd>Marcos Caceres; et al. <a href="https://www.w3.org/TR/appmanifest/"><cite>Web Application Manifest</cite></a>. 20 March 2025. WD. URL: <a href="https://www.w3.org/TR/appmanifest/">https://www.w3.org/TR/appmanifest/</a>
+   <dd>Marcos Caceres; et al. <a href="https://www.w3.org/TR/appmanifest/"><cite>Web Application Manifest</cite></a>. 5 May 2025. WD. URL: <a href="https://www.w3.org/TR/appmanifest/">https://www.w3.org/TR/appmanifest/</a>
    <dt id="biblio-beacon">[BEACON]
    <dd>Ilya Grigorik; Alois Reitbauer. <a href="https://www.w3.org/TR/beacon/"><cite>Beacon</cite></a>. 3 August 2022. CRD. URL: <a href="https://www.w3.org/TR/beacon/">https://www.w3.org/TR/beacon/</a>
    <dt id="biblio-csp2">[CSP2]
@@ -6210,7 +6210,6 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
 "168f1b6e": {"dfnID":"168f1b6e","dfnText":"global object (for realm)","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-realm-global"}],"title":"4.4.1. \n    EnsureCSPDoesNotBlockStringCompilation(realm, parameterStrings, bodyString, codeString, compilationType, parameterArgs, bodyArg)\n  "},{"refs":[{"id":"ref-for-concept-realm-global\u2460"}],"title":"4.5.1. \n  EnsureCSPDoesNotBlockWasmByteCompilationrealm\n"}],"url":"https://html.spec.whatwg.org/multipage/webappapis.html#concept-realm-global"},
 "16d07e10": {"dfnID":"16d07e10","dfnText":"for each","external":true,"refSections":[{"refs":[{"id":"ref-for-list-iterate"}],"title":"2.2.1. \n    Parse a serialized CSP\n  "},{"refs":[{"id":"ref-for-list-iterate\u2460"},{"id":"ref-for-list-iterate\u2461"},{"id":"ref-for-list-iterate\u2462"}],"title":"2.2.2. \n    Parse response\u2019s Content Security Policies\n  "},{"refs":[{"id":"ref-for-list-iterate\u2463"}],"title":"4.1.1. \n    Report Content Security Policy violations for request\n  "},{"refs":[{"id":"ref-for-list-iterate\u2464"}],"title":"4.1.2. \n    Should request be blocked by Content Security Policy?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2465"},{"id":"ref-for-list-iterate\u2466"}],"title":"4.1.3. \n    Should response to request be blocked by Content Security Policy?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2467"},{"id":"ref-for-list-iterate\u2468"}],"title":"4.2.1. \n    Run CSP initialization for a Document\n  "},{"refs":[{"id":"ref-for-list-iterate\u2460\u24ea"},{"id":"ref-for-list-iterate\u2460\u2460"}],"title":"4.2.3. \n    Should element\u2019s inline type behavior be blocked by Content Security Policy?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2460\u2461"},{"id":"ref-for-list-iterate\u2460\u2462"},{"id":"ref-for-list-iterate\u2460\u2463"},{"id":"ref-for-list-iterate\u2460\u2464"}],"title":"4.2.4. \n    Should navigation request of type be blocked\n    by Content Security Policy?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2460\u2465"},{"id":"ref-for-list-iterate\u2460\u2466"},{"id":"ref-for-list-iterate\u2460\u2467"},{"id":"ref-for-list-iterate\u2460\u2468"}],"title":"4.2.5. \n    Should navigation response to navigation request of type\n    in target be blocked by Content Security Policy?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2461\u24ea"},{"id":"ref-for-list-iterate\u2461\u2460"}],"title":"4.2.6. \n    Run CSP initialization for a global object\n  "},{"refs":[{"id":"ref-for-list-iterate\u2461\u2461"},{"id":"ref-for-list-iterate\u2461\u2462"}],"title":"4.3.1. \n    Should RTC connections be blocked for global?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2461\u2463"},{"id":"ref-for-list-iterate\u2461\u2464"}],"title":"4.4.1. \n    EnsureCSPDoesNotBlockStringCompilation(realm, parameterStrings, bodyString, codeString, compilationType, parameterArgs, bodyArg)\n  "},{"refs":[{"id":"ref-for-list-iterate\u2461\u2465"}],"title":"4.5.1. \n  EnsureCSPDoesNotBlockWasmByteCompilationrealm\n"},{"refs":[{"id":"ref-for-list-iterate\u2461\u2466"}],"title":"5.5. \n    Report a violation\n  "},{"refs":[{"id":"ref-for-list-iterate\u2461\u2467"}],"title":"6.3.1.1. \n    Is base allowed for document?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2461\u2468"}],"title":"6.7.2.1. \n    Does request violate policy?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2462\u24ea"}],"title":"6.7.2.2. \n    Does resource hint request violate policy?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2462\u2460"}],"title":"6.7.2.3. \n    Does nonce match source list?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2462\u2461"}],"title":"6.7.2.4. \n    Does integrity metadata match source list?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2462\u2462"}],"title":"6.7.2.7. \n    Does url match source list in origin with redirect count?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2462\u2463"}],"title":"6.7.2.12. \n    path-part matching\n  "},{"refs":[{"id":"ref-for-list-iterate\u2462\u2464"}],"title":"6.7.3.1. \n    Is element nonceable?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2462\u2465"}],"title":"6.7.3.2. \n    Does a source list allow all inline behavior for type?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2462\u2466"},{"id":"ref-for-list-iterate\u2462\u2467"},{"id":"ref-for-list-iterate\u2462\u2468"}],"title":"6.7.3.3. \n    Does element match source list for type and source?\n  "},{"refs":[{"id":"ref-for-list-iterate\u2463\u24ea"}],"title":"6.8.4. \n    Should fetch directive execute\n  "}],"url":"https://infra.spec.whatwg.org/#list-iterate"},
 "17bd86ff": {"dfnID":"17bd86ff","dfnText":"port (for URL)","external":true,"refSections":[{"refs":[{"id":"ref-for-dom-url-port"},{"id":"ref-for-dom-url-port\u2460"}],"title":"6.7.2.8. \n    Does url match expression in origin with redirect count?\n  "}],"url":"https://url.spec.whatwg.org/#dom-url-port"},
-"1ab127d6": {"dfnID":"1ab127d6","dfnText":"window","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-request-window"}],"title":"5.5. \n    Report a violation\n  "}],"url":"https://fetch.spec.whatwg.org/#concept-request-window"},
 "215d47ca": {"dfnID":"215d47ca","dfnText":"prepare the script element","external":true,"refSections":[{"refs":[{"id":"ref-for-prepare-the-script-element"}],"title":"4.2. \n    Integration with HTML\n  "}],"url":"https://html.spec.whatwg.org/#prepare-the-script-element"},
 "218c9455": {"dfnID":"218c9455","dfnText":"username","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-url-username"}],"title":"5.4. Strip URL for use in reports"}],"url":"https://url.spec.whatwg.org/#concept-url-username"},
 "22477314": {"dfnID":"22477314","dfnText":"domain","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-domain"}],"title":"6.7.2.10. \n    host-part matching\n  "}],"url":"https://url.spec.whatwg.org/#concept-domain"},
@@ -6392,6 +6391,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
 "csp-list": {"dfnID":"csp-list","dfnText":"CSP list","external":false,"refSections":[{"refs":[{"id":"ref-for-csp-list"}],"title":"2.2. Policies"},{"refs":[{"id":"ref-for-csp-list\u2460"}],"title":"4.2.5. \n    Should navigation response to navigation request of type\n    in target be blocked by Content Security Policy?\n  "}],"url":"#csp-list"},
 "csp-violation-report": {"dfnID":"csp-violation-report","dfnText":"csp violation report","external":false,"refSections":[{"refs":[{"id":"ref-for-csp-violation-report"},{"id":"ref-for-csp-violation-report\u2460"}],"title":"5. \n    Reporting\n  "},{"refs":[{"id":"ref-for-csp-violation-report\u2461"}],"title":"6.5.1. report-uri"}],"url":"#csp-violation-report"},
 "cspviolationreportbody": {"dfnID":"cspviolationreportbody","dfnText":"CSPViolationReportBody","external":false,"refSections":[{"refs":[{"id":"ref-for-cspviolationreportbody"}],"title":"5.5. \n    Report a violation\n  "}],"url":"#cspviolationreportbody"},
+"d6bb2376": {"dfnID":"d6bb2376","dfnText":"traversable for user prompts","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-request-window"}],"title":"5.5. \n    Report a violation\n  "}],"url":"https://fetch.spec.whatwg.org/#concept-request-window"},
 "d79a826f": {"dfnID":"d79a826f","dfnText":"integrity metadata","external":true,"refSections":[{"refs":[{"id":"ref-for-concept-request-integrity-metadata"}],"title":"6.7.1.1. \n    Script directives pre-request check\n  "},{"refs":[{"id":"ref-for-concept-request-integrity-metadata\u2460"}],"title":"6.7.1.2. \n    Script directives post-request check\n  "},{"refs":[{"id":"ref-for-concept-request-integrity-metadata\u2461"}],"title":"6.7.2.4. \n    Does integrity metadata match source list?\n  "}],"url":"https://fetch.spec.whatwg.org/#concept-request-integrity-metadata"},
 "d8b963e8": {"dfnID":"d8b963e8","dfnText":"isomorphic decode","external":true,"refSections":[{"refs":[{"id":"ref-for-isomorphic-decode"}],"title":"2.2.1. \n    Parse a serialized CSP\n  "}],"url":"https://infra.spec.whatwg.org/#isomorphic-decode"},
 "d8fc72f5": {"dfnID":"d8fc72f5","dfnText":"script-like","external":true,"refSections":[{"refs":[{"id":"ref-for-request-destination-script-like"},{"id":"ref-for-request-destination-script-like\u2460"}],"title":"5. \n    Reporting\n  "},{"refs":[{"id":"ref-for-request-destination-script-like\u2461"}],"title":"6.1.10. script-src"},{"refs":[{"id":"ref-for-request-destination-script-like\u2462"}],"title":"6.7.1.1. \n    Script directives pre-request check\n  "},{"refs":[{"id":"ref-for-request-destination-script-like\u2463"}],"title":"6.7.1.2. \n    Script directives post-request check\n  "}],"url":"https://fetch.spec.whatwg.org/#request-destination-script-like"},
@@ -7158,7 +7158,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
 "https://fetch.spec.whatwg.org/#concept-request-redirect-count": {"displayText":"redirect count","export":true,"for_":["request"],"level":"1","normative":true,"shortname":"fetch","spec":"fetch","status":"current","text":"redirect count","type":"dfn","url":"https://fetch.spec.whatwg.org/#concept-request-redirect-count"},
 "https://fetch.spec.whatwg.org/#concept-request-redirect-mode": {"displayText":"redirect mode","export":true,"for_":["request"],"level":"1","normative":true,"shortname":"fetch","spec":"fetch","status":"current","text":"redirect mode","type":"dfn","url":"https://fetch.spec.whatwg.org/#concept-request-redirect-mode"},
 "https://fetch.spec.whatwg.org/#concept-request-url": {"displayText":"URL","export":true,"for_":["request"],"level":"1","normative":true,"shortname":"fetch","spec":"fetch","status":"current","text":"url","type":"dfn","url":"https://fetch.spec.whatwg.org/#concept-request-url"},
-"https://fetch.spec.whatwg.org/#concept-request-window": {"displayText":"window","export":true,"for_":["request"],"level":"1","normative":true,"shortname":"fetch","spec":"fetch","status":"current","text":"window","type":"dfn","url":"https://fetch.spec.whatwg.org/#concept-request-window"},
+"https://fetch.spec.whatwg.org/#concept-request-window": {"displayText":"traversable for user prompts","export":true,"for_":["request"],"level":"1","normative":true,"shortname":"fetch","spec":"fetch","status":"current","text":"traversable for user prompts","type":"dfn","url":"https://fetch.spec.whatwg.org/#concept-request-window"},
 "https://fetch.spec.whatwg.org/#concept-response": {"displayText":"response","export":true,"for_":[],"level":"1","normative":true,"shortname":"fetch","spec":"fetch","status":"current","text":"response","type":"dfn","url":"https://fetch.spec.whatwg.org/#concept-response"},
 "https://fetch.spec.whatwg.org/#concept-response-body": {"displayText":"body","export":true,"for_":["response"],"level":"1","normative":true,"shortname":"fetch","spec":"fetch","status":"current","text":"body","type":"dfn","url":"https://fetch.spec.whatwg.org/#concept-response-body"},
 "https://fetch.spec.whatwg.org/#concept-response-header-list": {"displayText":"header list","export":true,"for_":["response"],"level":"1","normative":true,"shortname":"fetch","spec":"fetch","status":"current","text":"header list","type":"dfn","url":"https://fetch.spec.whatwg.org/#concept-response-header-list"},
