Ky sajt do të funksionojë me kufizime, teksa bëjmë mirëmbajtjen e tij për të përmirësuar punën tuaj. Nëse një artikull nuk e zgjidh problemin tuaj dhe dëshironi të bëni një pyetje, kemi bashkësinë tonë të asistencës, e gatshme për t’ju ndihmuar, te @FirefoxSupport në Twitter dhe/r/firefox në Reddit.

Kërkoni te Asistenca

Shmangni karremëzime gjoja asistence. S’do t’ju kërkojmë kurrë të bëni një thirrje apo të dërgoni tekst te një numër telefoni, apo të na jepni të dhëna personale. Ju lutemi, raportoni veprimtari të dyshimtë duke përdorur mundësinë “Raportoni Abuzim”.

Mësoni Më Tepër

Test Content-Security-Policy violation handling

  • 1 përgjigje
  • 0 e kanë hasur këtë problem
  • 2 parje
  • Përgjigjja më e re nga markwarner22

more options

Hi,

I am developing a website of my own and in that website I want to implement a handler for Content-Security-Policy violation reports. I want to test if this handler works as I expect and therefore I have configured a webpage such that is will report CSP violations (I see them in the web developer console) and I want to have them sent to my application's CSP-violation handler.

In my test environment, the application is running on localhost. I have run my web application both on HTTP and HTTPS (with a self-signed certificate), but in neither case Firefox is sending any reports to my application.

My CSP headers look as follows: Content-Security-Policy: report-uri http://localhost:5281/csp-violation;base-uri 'none';default-src 'self';form-action 'none';frame-ancestors 'none';report-to csp-viol;script-src 'unsafe-eval' 'nonce-9FuQ3NuVoW66DT1ZU4w9EPSymnHE1/hg';style-src 'unsafe-eval' 'nonce-9FuQ3NuVoW66DT1ZU4w9EPSymnHE1/hg' Reporting-Endpoints: csp-viol=http://localhost:5281/csp-violation Report-To: {"group":"csp-viol","max_age":10886400,"endpoints":[{"url":"http://localhost:5281/csp-violation"}]}

When I run my application using HTTPS, all HTTP in the endpoints will also be HTTPS.

I have verified that when I post something by hand to http://localhost:5281/csp-violation, my handler is executed, so that is not the issue. I believe that Firefox is just not sending the reports. Is there a way to configure Firefox such that it will send the CSP violation reports to my application when run on HTTP(S) on localhost?

Sincerely, Marcel

Hi, I am developing a website of my own and in that website I want to implement a handler for Content-Security-Policy violation reports. I want to test if this handler works as I expect and therefore I have configured a webpage such that is will report CSP violations (I see them in the web developer console) and I want to have them sent to my application's CSP-violation handler. In my test environment, the application is running on localhost. I have run my web application both on HTTP and HTTPS (with a self-signed certificate), but in neither case Firefox is sending any reports to my application. My CSP headers look as follows: Content-Security-Policy: report-uri http://localhost:5281/csp-violation;base-uri 'none';default-src 'self';form-action 'none';frame-ancestors 'none';report-to csp-viol;script-src 'unsafe-eval' 'nonce-9FuQ3NuVoW66DT1ZU4w9EPSymnHE1/hg';style-src 'unsafe-eval' 'nonce-9FuQ3NuVoW66DT1ZU4w9EPSymnHE1/hg' Reporting-Endpoints: csp-viol=http://localhost:5281/csp-violation Report-To: {"group":"csp-viol","max_age":10886400,"endpoints":[{"url":"http://localhost:5281/csp-violation"}]} When I run my application using HTTPS, all HTTP in the endpoints will also be HTTPS. I have verified that when I post something by hand to http://localhost:5281/csp-violation, my handler is executed, so that is not the issue. I believe that Firefox is just not sending the reports. Is there a way to configure Firefox such that it will send the CSP violation reports to my application when run on HTTP(S) on localhost? Sincerely, Marcel

Krejt Përgjigjet (1)

more options

This is just a Firefox browser user help forum not a support ticket site for testing software.

E dobishme?

Bëni një pyetje

Duhet të bëni hyrjen te llogaria juaj që t’i përgjigjeni postimeve. Ju lutemi, filloni me një pyetje të re, nëse nuk keni ende një llogari.