Add report-to CSP directive (#20567)

GitOrigin-RevId: 28ba23aee10deec14de5c520cb277fa10bee118c
This commit is contained in:
Alf Eaton 2024-10-02 10:30:47 +01:00 committed by Copybot
parent 24c8629cd4
commit 868fc93012

View file

@ -16,6 +16,9 @@ module.exports = function ({
return function (req, res, next) { return function (req, res, next) {
// set the default policy // set the default policy
res.set(header, defaultPolicy) res.set(header, defaultPolicy)
if (reportUri) {
res.set('Reporting-Endpoints', `csp-endpoint="${reportUri}"`)
}
const originalRender = res.render const originalRender = res.render
@ -25,6 +28,7 @@ module.exports = function ({
if (exclude.includes(view)) { if (exclude.includes(view)) {
// remove the default policy // remove the default policy
res.removeHeader(header) res.removeHeader(header)
res.removeHeader('Reporting-Endpoints')
} else { } else {
// set the view policy // set the view policy
res.locals.cspEnabled = true res.locals.cspEnabled = true
@ -58,7 +62,7 @@ const buildDefaultPolicy = (reportUri, styleSrc) => {
if (reportUri) { if (reportUri) {
directives.push(`report-uri ${reportUri}`) directives.push(`report-uri ${reportUri}`)
// NOTE: implement report-to once it's more widely supported directives.push(`report-to csp-endpoint`)
} }
if (styleSrc) { if (styleSrc) {
@ -81,7 +85,7 @@ const buildViewPolicy = (scriptNonce, reportPercentage, reportUri) => {
if (belowReportCutoff) { if (belowReportCutoff) {
directives.push(`report-uri ${reportUri}`) directives.push(`report-uri ${reportUri}`)
// NOTE: implement report-to once it's more widely supported directives.push(`report-to csp-endpoint`)
} }
} }