File tree Expand file tree Collapse file tree 1 file changed +6
-1
lines changed Expand file tree Collapse file tree 1 file changed +6
-1
lines changed Original file line number Diff line number Diff line change @@ -260,6 +260,7 @@ function jq_content_security_policy() {
260260 return ;
261261 }
262262 $ noncebin2hex ( random_bytes ( 8 ) );
263+ $ report_url'https://csp-report-api.openjs-foundation.workers.dev/ ' ;
263264 $ policyarray (
264265 'default-src ' => "'self' " ,
265266 'script-src ' => "'self' 'nonce- $ nonce' code.jquery.com " ,
@@ -277,7 +278,10 @@ function jq_content_security_policy() {
277278 'frame-ancestors ' => "'none' " ,
278279 'base-uri ' => "'self' " ,
279280 'block-all-mixed-content ' => '' ,
280- 'report-to ' => 'https://csp-report-api.openjs-foundation.workers.dev/ ' ,
281+ 'report-to ' => 'csp-endpoint ' ,
282+ // Add report-uri for Firefox, which
283+ // does not yet support report-to
284+ 'report-uri ' => $ report_url
281285 );
282286
283287 $ policyapply_filters ( 'jq_content_security_policy ' , $ policy
@@ -287,6 +291,7 @@ function jq_content_security_policy() {
287291 $ policy_string$ key' ' . $ value'; ' ;
288292 }
289293
294+ header ( 'Reporting-Endpoints: csp-endpoint=" ' . $ report_url'" ' );
290295 header ( 'Content-Security-Policy-Report-Only: ' . $ policy_string
291296}
292297
You can’t perform that action at this time.
0 commit comments