Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Trust and Safety

See original GitHub issue

Summarizing our latest meeting.

Initial Work For Trust and Safety

is-on-https

We want to align on the “mixed content” issues that will be landing in CDT soon. See this issue for more: https://github.com/GoogleChrome/lighthouse/issues/10615

COEP

One approach would be to fail if there is no COEP header. However, we are hesitant to do this because the benefits aren’t universally applicable.

The approach we’re going with is simply listing the frames that are blocked due to the embedder policy. This information will come from the backend, but it’s still a WIP.

Existing audits

In addition, we want to re-home these existing audits:

external-anchors-use-rel-noopener
redirects-http
geolocation-on-start
notification-on-start
vulnerabilities

https://github.com/GoogleChrome/lighthouse/pull/10623

Place in the report

We have two options:

A new category
Group in best-practices

If we did 1, there’s a question of how to present the score–badge vs score (and pass/fail vs numerical score). Due to that, we are leaning towards option 2.

Issue Analytics

State:
Created 3 years ago
Reactions:1
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

connorjclarkcommented, Apr 29, 2020

You enabled these policies and there are currently things broken as a result. IMO this is the role of devtools. (And what devtools is doing). I see it Lighthouse’s role as basically telling you “hey you have errors in the console”. And turns out, there are already console errors notifying the user of failed network requests, so essentially we already have basic coverage here.

In the long run, I think we should have a unique audit in Lighthouse for every Audits.InspectorIssueCode.

There’s an inconsistency here. I think what’s been unsaid is we don’t want to invest engineering work on a low-impact audit, which you’ve identified COEP issues in Lighthouse as. Which I agree with.

In order to do COEP stuff today we’d have to do some eng work (has not landed in the protocol yet), but once it is landed in the backend it’s straightforward to consume. At that point, we’d want to make an audit for COEP issues, right?

0reactions

connorjclarkcommented, Sep 29, 2020

We have done this initial work, T&S will be an ongoing things (such as issue catch all, csp audit, etc…)

Top Results From Across the Web

What the Heck is Trust and Safety? - LinkedIn

Trust and Safety is a term commonly used on platforms where people interact. It is the foundation to enable unfamiliar or total strangers...

Trust and Safety 101 - GetStream.io

Trust and Safety (T&S) is an umbrella term for the department, technology, policy, and mission online platforms establish to protect their ...

Trust & Safety Professional Association: Home

Advancing the trust and safety profession through a shared community of practice. Explore What We Do. Trust & Safety Professional Association.

What is trust and safety? - Authentic8

Trust and safety teams focus on identifying and resolving potentially harmful situations, mitigating risks and establishing a foundation of ...

The Guide to Trust & Safety: Building a Team - ActiveFence

In today's online climate, companies must prioritize trust and safety from the start. · This role ensures that a product includes safety mechanisms,...