[jira] [Commented] (OFBIZ-11889) fixes for csp-report subsystem

Jacques Le Roux (Jira) Fri, 19 Nov 2021 02:27:05 -0800


    [ 
https://issues.apache.org/jira/browse/OFBIZ-11889?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17446421#comment-17446421
 ]


Jacques Le Roux commented on OFBIZ-11889:
-----------------------------------------

I have tried using this modified patch  [^OFBIZ-11889.patch]  (fixed issues in 
CSPEvents class) but I always get an empty value in request body. Anyway 
report-uri will be replaced tu report-to*. I'll wait for that.

* 
https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Content-Security-Policy/report-to

> fixes for csp-report subsystem
> ------------------------------
>
>                 Key: OFBIZ-11889
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11889
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL COMPONENTS
>    Affects Versions: Release Branch 17.12, Trunk
>            Reporter: Alex Bodnaru
>            Assignee: Jacques Le Roux
>            Priority: Major
>         Attachments: OFBIZ-11889.patch, csp-report.patch
>
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> added report-uri and unsafe-inline support for csp report.
> added handling of csp-reports and logging them as errors.
> unhandled reports are poluting the browser error console.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (OFBIZ-11889) fixes for csp-report subsystem

Reply via email to