@alxndrsn alxndrsn commented Dec 3, 2025

Prompted by reviews from #1478.

Closes #1520.

What has been done to verify that this works as intended?

CI.

Why is this the best possible solution? Were any other approaches considered?

Without a report URI, violations will not be known, which would make switching from Content-Security-Policy-Report-Only to Content-Security-Policy risky.

How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?

No effect.

Does this change require updates to documentation? If so, please file an issue here and include the link below.

No.

Before submitting this PR, please make sure you have:

  • branched off and targeted the next branch OR only changed documentation/infrastructure (master is stable and used in production)
  • verified that any code or assets from external sources are properly credited in comments or that everything is internally sourced

It was an oversight to omit reporting for blank.html and other "disallow-all" pages.  With a `report-uri` directive, violations will not be known.
@alxndrsn alxndrsn changed the base branch from master to next December 3, 2025 12:02
@alxndrsn alxndrsn changed the title from "Csp disallow all add report" to "CSP: add reporting for blank.html" Dec 3, 2025
@alxndrsn alxndrsn marked this pull request as ready for review December 3, 2025 12:22
@alxndrsn alxndrsn changed the title from "CSP: add reporting for blank.html" to "CSP: blank.html: add missing reporting" Dec 3, 2025
@alxndrsn alxndrsn changed the title from "CSP: blank.html: add missing reporting" to "nginx/csp/blank.html: add missing reporting" Dec 3, 2025
@matthew-white matthew-white linked an issue Dec 3, 2025 that may be closed by this pull request
@lognaturel lognaturel merged commit b4252cb into getodk:next Dec 3, 2025
5 checks passed
@alxndrsn alxndrsn deleted the csp-disallow-all-add-report branch December 3, 2025 18:22
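The gap this pull request closes, a CSP header with no reporting directive, can be caught before review. The following is an added example, not code from this pull request or the project: it scans nginx `add_header` lines and flags any policy that cannot report violations. The sample configuration and the `/csp-report` path are constructed for illustration.

```python
import re

# Matches nginx add_header lines that set either CSP header (double-quoted value).
ADD_HEADER = re.compile(
    r'add_header\s+(Content-Security-Policy(?:-Report-Only)?)\s+"([^"]*)"',
    re.IGNORECASE,
)

def parse_csp(value):
    """Parse a serialized policy into {directive: [values]}; the first duplicate wins."""
    directives = {}
    for token in value.split(";"):
        parts = token.split()
        if parts:
            directives.setdefault(parts[0].lower(), parts[1:])
    return directives

def audit(conf_text):
    """Return (line_no, header, problem) for each policy that cannot report violations."""
    findings = []
    for line_no, line in enumerate(conf_text.splitlines(), 1):
        if line.strip().startswith("#"):
            continue  # skip commented-out directives
        m = ADD_HEADER.search(line)
        if not m:
            continue
        header, policy = m.group(1), parse_csp(m.group(2))
        # A reporting directive with no value reports nowhere. This check does not
        # verify that a report-to group is defined by a separate response header.
        if not (policy.get("report-uri") or policy.get("report-to")):
            findings.append((line_no, header, "no report-uri or report-to"))
    return findings

# Constructed sample, not the project's configuration.
SAMPLE_CONF = '''\
location = /blank.html {
    add_header Content-Security-Policy-Report-Only "default-src 'none'" always;
}
location / {
    add_header Content-Security-Policy-Report-Only "default-src 'self'; report-uri /csp-report" always;
}
location /empty {
    add_header Content-Security-Policy-Report-Only "default-src 'none'; report-uri" always;
}
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Run against a real configuration in CI, a non-empty result from `audit` can fail the build so that a "disallow-all" page is not shipped without reporting.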
Development

Successfully merging this pull request may close these issues.

nginx/csp/blank.html: report-uri directive missing

3 participants