Adding support for report-to directive to Content Security Policy DSL


Alex Cruice
Is there any appetite for accepting a small patch to the Content Security Policy DSL to support the report-to directive?

There was previous discussion to replace report-uri, https://github.com/rails/rails/issues/33561. I agree with the reason for that issue's closure: CSP3 is still only in working draft status and it shouldn't replace report-uri yet. Is there opposition to a simple addition?

https://github.com/alexcruice/rails/commit/cff67b42b4fa37899004afe88abf216adfab9ded

It would be left to the user to understand the interaction between report-uri and report-to. The spec suggests you use both if you want to leverage the Reporting API, https://www.w3.org/TR/CSP3/#directive-report-uri.

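The following is an added example, not part of the original message and not Rails code: a plain-Ruby sketch of a policy that sends both report-uri and report-to, plus a check that the group named by report-to is actually defined in the Report-To response header. The helper names, the group name and the endpoint URL are hypothetical, and the Report-To JSON shape follows the Reporting API draft.

```ruby
require "json"

# Hypothetical helper (not a Rails API): builds the response headers for a
# policy that reports through both mechanisms, as the CSP3 draft suggests.
def csp_reporting_headers(directives, report_uri:, group:, max_age: 86_400)
  # report-to takes a group name token, never a URL.
  raise ArgumentError, "group must be a single token" unless group.match?(/\A[A-Za-z0-9_-]+\z/)

  policy = directives.map { |name, sources| "#{name} #{sources.join(' ')}" }
  policy << "report-uri #{report_uri}" # used by browsers without Reporting API support
  policy << "report-to #{group}"       # resolved through the Report-To header below

  {
    "Content-Security-Policy" => policy.join("; "),
    "Report-To" => JSON.generate({ group: group, max_age: max_age,
                                   endpoints: [{ url: report_uri }] })
  }
end

# Returns true only when the policy names a report-to group and the same
# group is defined in the Report-To header. A mismatch leaves report-to
# pointing at no endpoint, which is easy to miss in review.
def report_to_group_defined?(headers)
  csp = headers.fetch("Content-Security-Policy")
  named = csp.split(";").map(&:strip).find { |d| d.start_with?("report-to ") }
  return false unless named

  group = named.split(/\s+/, 2).last
  # The header may carry several comma-separated JSON objects; wrapping the
  # value in brackets lets it parse as one array.
  defined = JSON.parse("[#{headers.fetch('Report-To', '')}]").map { |g| g["group"] }
  defined.include?(group)
rescue JSON::ParserError
  false
end

# Constructed sample input: the endpoint URL and group name are placeholders.
HEADERS = csp_reporting_headers(
  { "default-src" => ["'self'"] },
  report_uri: "https://reports.example/csp",
  group: "csp-endpoint"
)
```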