W3cubDocs

SecurityPolicyViolationEvent

This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The SecurityPolicyViolationEvent interface inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated.

Constructor

SecurityPolicyViolationEvent(): Creates a new SecurityPolicyViolationEvent object instance.

Properties

SecurityPolicyViolationEvent.blockedURIRead only: A USVString representing the URI of the resource that was blocked because it violates a policy.
SecurityPolicyViolationEvent.columnNumberRead only: The column number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.dispositionRead only: Indicates how the violated policy is configured to be treated by the user agent. This will be "enforce" or "report".
SecurityPolicyViolationEvent.documentURIRead only: A USVString representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.effectiveDirectiveRead only: A DOMString representing the directive whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.lineNumberRead only: The line number in the document or worker at which the violation occurred.
SecurityPolicyViolationEvent.originalPolicyRead only: A DOMString containing the policy whose enforcement uncovered the violation.
SecurityPolicyViolationEvent.referrerRead only: A USVString representing the referrer of the resources whose policy was violated. This will be a URL or null.
SecurityPolicyViolationEvent.sampleRead only: A DOMString representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.
SecurityPolicyViolationEvent.sourceFileRead only: A USVString representing the URI of the document or worker in which the violation was found.
SecurityPolicyViolationEvent.statusCodeRead only: A number representing the HTTP status code of the document or worker in which the violation occurred.
SecurityPolicyViolationEvent.violatedDirectiveRead only: A DOMString representing the directive whose enforcement uncovered the violation.

Examples

document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);    
  console.log(e.violatedDirective);    
  console.log(e.originalPolicy);
});

Specifications

Specification	Status	Comment
Content Security Policy Level 3 The definition of 'SecurityPolicyViolationEvent' in that specification.	Working Draft	Initial definition.

Browser compatibilityUpdate compatibility data on GitHub

	Desktop
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari
Basic support	Yes	Yes	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`SecurityPolicyViolationEvent` support in workers	56	Yes	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	43	Yes
`SecurityPolicyViolationEvent()` constructor	Yes	Yes	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`blockedURI`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`columnNumber`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`disposition`	Yes	Yes	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`documentURI`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`effectiveDirective`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`lineNumber`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`originalPolicy`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`referrer`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`sample`	59	Yes	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	46	Yes
`sourceFile`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`statusCode`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes
`violatedDirective`	Yes	15	63 63 59 Disabled Disabled From version 59: this feature is behind the `security.csp.enable_violation_events` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	No	Yes	Yes