Fix typo in CSP Report-To header name
The header name was Report-To, not Reply-To. In any case, that's now being changed to the Reporting-Endpoints HTTP Response Header. https://w3c.github.io/reporting/#header https://github.com/w3c/reporting/issues/177 CanIUse says the Report-To header is still supported by current Chrome and friends. https://caniuse.com/mdn-http_headers_report-to It doesn't have any data for the Reporting-Endpoints HTTP header, but this article says Chrome 96 supports it. https://web.dev/reporting-api/ (Even though that's come out one year ago, that's not compatible with Network Error Logging which's still using the Report-To version of the API) Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
7cfce562a9
commit
4d0a51221a
|
@ -68,7 +68,7 @@ def headers do
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
[{"reply-to", Jason.encode!(report_group)} | headers]
|
[{"report-to", Jason.encode!(report_group)} | headers]
|
||||||
else
|
else
|
||||||
headers
|
headers
|
||||||
end
|
end
|
||||||
|
|
|
@ -59,9 +59,9 @@ test "it sends `report-to` & `report-uri` CSP response headers", %{conn: conn} d
|
||||||
|
|
||||||
assert csp =~ ~r|report-uri https://endpoint.com;report-to csp-endpoint;|
|
assert csp =~ ~r|report-uri https://endpoint.com;report-to csp-endpoint;|
|
||||||
|
|
||||||
[reply_to] = Conn.get_resp_header(conn, "reply-to")
|
[report_to] = Conn.get_resp_header(conn, "report-to")
|
||||||
|
|
||||||
assert reply_to ==
|
assert report_to ==
|
||||||
"{\"endpoints\":[{\"url\":\"https://endpoint.com\"}],\"group\":\"csp-endpoint\",\"max-age\":10886400}"
|
"{\"endpoints\":[{\"url\":\"https://endpoint.com\"}],\"group\":\"csp-endpoint\",\"max-age\":10886400}"
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue