Valid JSON cannot be saved into the Report-To header option #10

@elpadi

Hi, the MDN article on the Report-To header lists its type as JSON, but when I try to save a JSON string in the admin, there is some sanitizing that is removing the commas.

I believe the issue is that the Report-To header should not have the same sanitizing rules as the directives that go under the content-security-policy header.

Happy to open up a PR if you agree with the above. My suggestions are:

  • Add a 'type' => 'json' parameter to the field definition, which would make the default sanitizer skip it. I guess a more correct update would remove it from the directives array, but I'm trying to think of the smallest changeset possible.
  • In the pre-update hook, add a conditional to check for that type and validate the input with json_decode().

Thanks, looking forward to your thoughts.

Carlos
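
A sketch of the type-aware sanitizing proposed in this issue, added here as an example and not taken from the plugin's code. The function names and the field array layout are hypothetical, and the comma-stripping directive sanitizer is a stand-in for the behaviour the issue describes. It goes slightly beyond the single-object case by wrapping the value in `[...]` before decoding, so a comma-separated list of groups also validates.

```php
<?php
// Added example: all function names and the $field layout are hypothetical.

/** Stand-in for the directive sanitizer: ',' and ';' delimit CSP policies and directives. */
function sanitize_csp_directive(string $value): string
{
    $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value); // drop control chars, incl. CR/LF
    return trim(preg_replace('/[;,]+/', ' ', $value));
}

/** Validate a Report-To value; returns normalized single-line JSON, or null if invalid. */
function sanitize_report_to(string $value): ?string
{
    // Wrapping in [] lets one object or a comma-separated list of objects parse.
    $groups = json_decode('[' . $value . ']', true);
    if (!is_array($groups) || $groups === []) {
        return null;
    }
    foreach ($groups as $group) {
        // Each group needs max_age and a list of endpoints that carry a url.
        if (!is_array($group) || !isset($group['max_age'], $group['endpoints'])
            || !is_array($group['endpoints'])) {
            return null;
        }
        foreach ($group['endpoints'] as $endpoint) {
            if (!is_array($endpoint) || !isset($endpoint['url']) || !is_string($endpoint['url'])) {
                return null;
            }
        }
    }
    // Re-encoding emits one line per group, so raw CR/LF from the form never reaches the header.
    $encode = fn(array $g): string => json_encode($g, JSON_UNESCAPED_SLASHES);
    return implode(', ', array_map($encode, $groups));
}

/** Pick the sanitizer from the field definition's 'type' key. */
function sanitize_field(array $field, string $value): ?string
{
    return ($field['type'] ?? 'directive') === 'json'
        ? sanitize_report_to($value)
        : sanitize_csp_directive($value);
}

// Constructed sample input, using the example.com placeholder domain.
$input = '{"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://example.com/csp-reports"}]}';
var_dump(sanitize_field(['type' => 'json'], $input));        // valid Report-To value
var_dump(sanitize_field(['type' => 'json'], '{"group":'));   // truncated JSON
var_dump(sanitize_field([], "'self', https://cdn.example.com")); // directive path
```

A `null` return would be the signal for the pre-update hook to reject the value and keep the previously saved option.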
