SecurityPolicyViolationEvent
Experimental: This is an experimental technology. Check the Browser compatibility table carefully before using this in production.
The SecurityPolicyViolationEvent interface inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated.
Constructor
SecurityPolicyViolationEvent()
Creates a new SecurityPolicyViolationEvent object instance.
Properties
SecurityPolicyViolationEvent.blockedURI Read only
A USVString representing the URI of the resource that was blocked because it violates a policy.

SecurityPolicyViolationEvent.columnNumber Read only
The column number in the document or worker at which the violation occurred.

SecurityPolicyViolationEvent.disposition Read only
Indicates how the violated policy is configured to be treated by the user agent. This will be "enforce" or "report".

SecurityPolicyViolationEvent.documentURI Read only
A USVString representing the URI of the document or worker in which the violation was found.

SecurityPolicyViolationEvent.effectiveDirective Read only
A DOMString representing the directive whose enforcement uncovered the violation.

SecurityPolicyViolationEvent.lineNumber Read only
The line number in the document or worker at which the violation occurred.

SecurityPolicyViolationEvent.originalPolicy Read only
A DOMString containing the policy whose enforcement uncovered the violation.

SecurityPolicyViolationEvent.referrer Read only
A USVString representing the referrer of the resources whose policy was violated. This will be a URL or null.

SecurityPolicyViolationEvent.sample Read only
A DOMString representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style; external resources causing a violation will not generate a sample.

SecurityPolicyViolationEvent.sourceFile Read only
A USVString representing the URI of the document or worker in which the violation was found.

SecurityPolicyViolationEvent.statusCode Read only
A number representing the HTTP status code of the document or worker in which the violation occurred.

SecurityPolicyViolationEvent.violatedDirective Read only
A DOMString representing the directive whose enforcement uncovered the violation.
Examples
// Log what was blocked, which directive it violated, and the full policy text.
document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);
  console.log(e.violatedDirective);
  console.log(e.originalPolicy);
});
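A fuller handler for triaging violations, added here as an example and not part of the original page: it reads only the properties listed above, strips query strings and fragments from the URIs before logging, and reports each distinct violation once. The names stripUrl, toRecord and recordOnce are assumptions made for illustration.

```javascript
// Added example: turn a securitypolicyviolation event into a compact triage record.
// Only properties documented on this page are read from the event.

const seen = new Set(); // dedupe keys already reported during this page load

// Drop query string and fragment so tokens carried in URLs are not logged.
function stripUrl(value) {
  if (!value) return "";
  const cut = value.search(/[?#]/);
  return cut === -1 ? value : value.slice(0, cut);
}

// Build a record from any object carrying the event's read-only properties.
function toRecord(e) {
  return {
    directive: e.effectiveDirective || e.violatedDirective,
    blocked: stripUrl(e.blockedURI),
    document: stripUrl(e.documentURI),
    source: stripUrl(e.sourceFile),
    line: e.lineNumber || 0,
    column: e.columnNumber || 0,
    // "enforce": the policy is enforced; "report": the policy is report-only.
    enforced: e.disposition === "enforce",
    // sample is populated only for inline script, event handler, or style.
    inline: Boolean(e.sample),
    sample: (e.sample || "").slice(0, 40),
  };
}

// Return the record the first time a violation is seen, null for repeats.
function recordOnce(e) {
  const r = toRecord(e);
  const key = [r.directive, r.blocked, r.source, r.line, r.column].join("|");
  if (seen.has(key)) return null;
  seen.add(key);
  return r;
}

// In a browser, attach the handler; elsewhere (for example Node) this is skipped.
if (typeof document !== "undefined") {
  document.addEventListener("securitypolicyviolation", (e) => {
    const r = recordOnce(e);
    if (r) console.warn("CSP violation", r);
  });
}
```

Separating enforced from report-only records lets a report-only policy be tuned against real traffic before it is switched to enforcement.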
Specifications
Specification |
---|
Content Security Policy Level 3 # report-violation |
Browser compatibility