On 11/13/18 10:33 AM, Andrea Marchesini wrote:
*Summary*: Reporting API allows the page to receive notifications such as
the usage of deprecated APIs and FeaturePolicy violations.
I decided to implement this API, because it is required in the
web-platform-tests for FeaturePolicy.
Reporting API covers 2 different features:
a. reporting to the current page, via ReportingObserver
b. reporting to a remote server, known via 'report-to' HTTP header.
My implementation covers only the first aspect. However I also have patches
for the second part, not in review yet.
It is blatantly clear to me that the second part would be
a violation of the GDPR. I raised this issue in:
https://bugzilla.mozilla.org/show_bug.cgi?id=1492036#c9
No one has yet responded.
It may very well be that the first part also violates the GDPR
if it gives the page access to data that it would not otherwise
have access to. Isn't the whole purpose of the ReportingObserver
to facilitate sending data back to an external server through
some other mechanism like XHR?
/Mats
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
