SecurityPolicyViolationEvent

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The SecurityPolicyViolationEvent interface inherits from Event, and represents the event object of an event sent on a document or worker when its content security policy is violated.

Constructor

SecurityPolicyViolationEvent()

Creates a new SecurityPolicyViolationEvent object instance.

Properties

SecurityPolicyViolationEvent.blockedURI Read only

A USVString representing the URI of the resource that was blocked because it violates a policy.

SecurityPolicyViolationEvent.columnNumber Read only

The column number in the document or worker at which the violation occurred.

SecurityPolicyViolationEvent.disposition Read only

Indicates how the violated policy is configured to be treated by the user agent. This will be "enforce" or "report".

SecurityPolicyViolationEvent.documentURI Read only

A USVString representing the URI of the document or worker in which the violation was found.

SecurityPolicyViolationEvent.effectiveDirective Read only

A DOMString representing the directive whose enforcement uncovered the violation.

SecurityPolicyViolationEvent.lineNumber Read only

The line number in the document or worker at which the violation occurred.

SecurityPolicyViolationEvent.originalPolicy Read only

A DOMString containing the policy whose enforcement uncovered the violation.

SecurityPolicyViolationEvent.referrer Read only

A USVString representing the referrer of the resources whose policy was violated. This will be a URL or null.

SecurityPolicyViolationEvent.sample Read only

A DOMString representing a sample of the resource that caused the violation, usually the first 40 characters. This will only be populated if the resource is an inline script, event handler, or style — external resources causing a violation will not generate a sample.

SecurityPolicyViolationEvent.sourceFile Read only

A USVString representing the URI of the document or worker in which the violation was found.

SecurityPolicyViolationEvent.statusCode Read only

A number representing the HTTP status code of the document or worker in which the violation occurred.

SecurityPolicyViolationEvent.violatedDirective Read only

A DOMString representing the directive whose enforcement uncovered the violation.

Examples

document.addEventListener("securitypolicyviolation", (e) => {
  console.log(e.blockedURI);
  console.log(e.violatedDirective);
  console.log(e.originalPolicy);
});
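
The following is an added example, not part of the original page: it turns the event properties listed above into compact, de-duplicated records, so that one noisy page does not flood a log and report-only violations can be told apart from enforced ones. The names stripQuery, normalizeViolation and ViolationCollector, the limit of 50 records, and the choice to drop query strings and fragments from URIs are assumptions of this example.

```javascript
// Added example: normalise securitypolicyviolation events before logging them.
// All helper names here are hypothetical, not part of the DOM API.

// URIs can carry tokens in the query string or fragment; keep only the part
// before "?" or "#" so they do not end up in logs (assumption of this example).
function stripQuery(uri) {
  return String(uri || "").split(/[?#]/)[0];
}

function normalizeViolation(e) {
  return {
    directive: e.effectiveDirective || e.violatedDirective,
    blocked: stripQuery(e.blockedURI),
    document: stripQuery(e.documentURI),
    source: stripQuery(e.sourceFile),
    line: e.lineNumber,
    column: e.columnNumber,
    enforced: e.disposition === "enforce", // the other value is "report"
    sample: e.sample || "",                // empty for external resources
  };
}

class ViolationCollector {
  constructor(limit = 50) {
    this.limit = limit;      // maximum number of distinct records kept
    this.seen = new Map();   // key -> record
  }
  // Returns the new record, or null for a repeat or once the limit is reached.
  add(e) {
    const v = normalizeViolation(e);
    const key = [v.directive, v.blocked, v.source, v.line, v.column, v.enforced].join("|");
    const hit = this.seen.get(key);
    if (hit) { hit.count += 1; return null; }
    if (this.seen.size >= this.limit) return null;
    const rec = { ...v, count: 1 };
    this.seen.set(key, rec);
    return rec;
  }
  records() { return [...this.seen.values()]; }
}

// Attach the listener only where a document exists (skipped outside a browser).
if (typeof document !== "undefined") {
  const collector = new ViolationCollector();
  document.addEventListener("securitypolicyviolation", (e) => {
    const rec = collector.add(e);
    if (rec) console.warn("CSP violation", rec);
  });
}
```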

Browser compatibility

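Desktop: Chrome, Edge, Firefox, Internet Explorer, Opera, Safari. Mobile: WebView Android, Chrome Android, Firefox for Android, Opera Android, Safari on iOS, Samsung Internet.

| Feature | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on iOS | Samsung Internet |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| SecurityPolicyViolationEvent | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| SecurityPolicyViolationEvent | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| blockedURI | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| columnNumber | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| disposition | 56 | 79 | 63 | No | 43 | 15 | 56 | 56 | 63 | 43 | 15 | 6.0 |
| documentURI | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| effectiveDirective | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| lineNumber | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| originalPolicy | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| referrer | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| sample | 59 | 79 | 63 | No | 46 | 15 | 59 | 59 | 63 | 43 | 15 | 7.0 |
| sourceFile | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| statusCode | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| violatedDirective | 41 | 15 | 63 | No | 28 | 10 | 41 | 41 | 63 | 28 | 10 | 4.0 |
| worker_support | 56 | 15 | 63 | No | 43 | No | 56 | 56 | 63 | 43 | No | 6.0 |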

© 2005–2021 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/SecurityPolicyViolationEvent