View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0005143 | Composr | core | public | 2022-12-14 09:05 | 2022-12-15 16:35 |
| Reporter | Patrick Schmalstig | Assigned To | |||
| Severity | Feature-request | ||||
| Status | non-assigned | Resolution | open | ||
| Product Version | |||||
| Fixed in Version | |||||
| Summary | 0005143: CSP: request-uri is deprecated | ||||
| Description | The request-uri directive in CSP, which is what we are using, is deprecated. Use report-to instead. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri | ||||
| Tags | No tags attached. | ||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
|
|
All browsers support CSP's request-uri, but Firefox doesn't support the Reporting API which report-to depends on. It's been behind a flag for years, and now isn't even available behind a flag because the implementation is outdated (https://bugzilla.mozilla.org/show_bug.cgi?id=1775194). So makes sense to hold off on this. |
|
|
I've disabled CSP reporting for regular users via https://gitlab.com/composr-foundation/composr/-/commit/65ec77311484d4404d1c9b143f6dbec2eac3fabc so to avoid console errors. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-12-14 09:05 | Patrick Schmalstig | New Issue | |
| 2022-12-15 16:32 | Chris Graham | Note Added: 0007789 | |
| 2022-12-15 16:34 | Chris Graham | Note Added: 0007790 | |
| 2022-12-15 16:35 | Chris Graham | Severity | Trivial-bug => Feature-request |
