Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

CSP: report-to option

See original GitHub issue

Is there a way to add a report-uri or report-to with report-endpoints header?

It looks like report-uri is deprecated in favor of report-to but Firefox and Safari don’t support report-to yet.

Issue Analytics

State:
Created 3 years ago
Comments:10 (3 by maintainers)

Top GitHub Comments

1reaction

UziTechcommented, Aug 11, 2020

Thanks @Hongbo-Miao Those packages seem to be exactly what I need 🎉

1reaction

EvanHahncommented, Aug 6, 2020

In Helmet 4 (which was recently released), directives are not hard-coded. That means you can supply any directive you want and it should work.

I expect my code snippet will be a good starting point and should work for you, but I’m happy to help debug.

Top Results From Across the Web

CSP: report-to - HTTP - MDN Web Docs

The Content-Security-Policy Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin.

Content Security Policy - Report URI Documentation

Using the Reporting API to send CSP reports is simpler and you do not need to indicate the disposition of the report (enforced...

How to add Report-To Content-Security-Policy directly in web ...

Go to net-export and select "Start Logging to Disk" (I just leave the default options). Select the location to save the log file....

An Introduction To Report-URI - Csper

'report-uri' is a nifty feature built into content-security-policy that allows website owners to get ... Setting up report-uri in a policy is pretty...

CSP report-to - Reporting API Demos

Sending Content Security Policy (CSP) violation reports with Reporting API using the Report-To header, asynchronously and out-of-band, when the browser ...