We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The report-to directive should be taking in a 'group-name' string that references the values inside a separate Report-To header.
Report-To
It looks like this library needs to be updated to:
Clean up report_to because it should not be taking a json object, but rather a string corresponding to the group name
report_to
Add a Report-To header
Happy to send a PR, just wanted to run this by you guys to check that I'm not mistaken or overlooking something.
This header is currently only supported on Chrome, but it's the future once report-uri gets fully deprecated: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri
report-uri
Correct sample policy:
Report-To: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "https://example.com/csp-reports" } ] }, { "group": "hpkp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "https://example.com/hpkp-reports" } ] } Content-Security-Policy: ...; report-to csp-endpoint
The text was updated successfully, but these errors were encountered:
Fixed with #6
Sorry, something went wrong.
No branches or pull requests
The report-to directive should be taking in a 'group-name' string that references the values inside a separate
Report-Toheader.It looks like this library needs to be updated to:
Clean up
report_tobecause it should not be taking a json object, but rather a string corresponding to the group nameAdd a
Report-ToheaderHappy to send a PR, just wanted to run this by you guys to check that I'm not mistaken or overlooking something.
This header is currently only supported on Chrome, but it's the future once
report-urigets fully deprecated: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uriCorrect sample policy:
The text was updated successfully, but these errors were encountered: