beacon icon indicating copy to clipboard operation
beacon copied to clipboard

Published 20 hours ago verified publisher icon w3c

Chrome, Safari and Firefox behave differently when beacon blocked by CSP

Open chernodub opened this issue 9 months ago • 1 comments

Hi, I found out that some browser engines behave differently when a beacon request is blocked by CSP policy (it happens when domain is not specified in connect-src section of the CSP header). As far as I see, the spec does not define what is the "right" value to return in this case: https://www.w3.org/TR/beacon/#return-value

Actual behavior

  • Safari, Chrome: sendBeacon returns true
  • Firefox: sendBeacon returns false

Expected behavior

Work consistently across browsers.

ps: I'm not 100% sure if this is the right place to open an issue, but I figured that it would be reasonable to first figure out what behavior is “canonical” in this scenario. I would greatly appreciate any thoughts on this. Thanks!

The reproduction is here: https://chernodub.dev/beacon (source code https://github.com/chernodub/chernodub.github.io/blob/main/src/pages/beacon.html)

Steps to reproduce

Try playing with reproduction in different browsers

chernodub avatar May 08 '24 08:05 chernodub