Reporting

[Jxck]

Like CSP, I wanna know where was blocked by feature policy.
but Spec says nothing about reporting-to/-uri.
is there any plan to do support reporting ?
or is there any reason not doing that ?

[clelland]

We are definitely planning to support reporting, through the Reporting API (And the Report-To header). There are definitely reasons why it hasn't happened yet, specifically there are issues around reporting the behaviour of documents in cross-origin frames, but I'm hoping to have a proposal up here fairly soon to address that.

Thanks for opening this, btw -- we should use it for discussion of all of the issues around reporting.

[nico3333fr]

Yes, reporting could be useful to understand potential side-effects and deploy Feature Policy easily on websites.

[flano-yuki]

Currently it is written as follows

Report-To: {"url":"https://reportingapi.tools/public/submit","max-age":86400}

https://github.com/WICG/feature-policy/blob/824de86f89599240c24b5ae3cd58d25984446af5/reporting.md

As an example in reporting api spec, I think it should be associated by group.

for example

Report-To: { "group": "featuer-policy-report",
             "max_age": 10886400,
             "endpoints": [
               { "url": "https://example.com/reports", "priority": 1 }
             ] }

Feature-Policy: syncxhr-report-only 'none'; report-to=featuer-policy-report

[clelland]

Yes, @flano-yuki, that's true -- it looks like the header syntax was changed back in w3c/reporting#67. I'll update that example, and ensure the changes make it into the spec eventually as well. Thanks!

[ebidel]

+1 for being able to specify an endpoint group using report-to directive.

I think it's ok if browser-generated interventions and deprecations are reported to the default group since you don't have control over those. But Feature Policy is a bit different since it's opt-in by the developer.

[clelland]

Closing this out as we've integrated reporting as of #529