[Bps-public-commit] rt-extension-csp branch master updated. 96392e619cb3fb0b5951d7ad31fccc2e8b32055d

BPS Git Server git at git.bestpractical.com
Fri Mar 29 20:35:17 UTC 2024


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt-extension-csp".

The branch, master has been updated
       via  96392e619cb3fb0b5951d7ad31fccc2e8b32055d (commit)
       via  8c5336fe917f4b86c18c4eeea126a937c085dcae (commit)
      from  495744ce0ad97256e1ddedeaaca6f5e985f7ae29 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 96392e619cb3fb0b5951d7ad31fccc2e8b32055d
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Mar 29 16:34:41 2024 -0400

    Set report-to in the CSP header also
    
    It still only seems to work with Firefox, not Safari,
    Opera, or MS Edge.

diff --git a/html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End b/html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End
index b7fc4be..d8770a6 100644
--- a/html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End
+++ b/html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End
@@ -5,7 +5,7 @@ my $csp_directive = RT->Config->Get('CSPDirective') if RT->Config->Get('CSPDirec
 my $csp_report_directive = $csp_directive || RT->Config->Get('CSPReportDirective') || "default-src 'none';";
 
 if ( length $csp_directive ) {
-    $r->headers_out->{'Content-Security-Policy'} = "$csp_directive";
+    $r->headers_out->{'Content-Security-Policy'} = "$csp_directive report-uri $report_uri; report-to $report_uri";
 }
 
 $r->headers_out->{'Content-Security-Policy-Report-Only'} = "$csp_report_directive report-uri $report_uri; report-to $report_uri";
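
Review bot: On the added Content-Security-Policy line, report-to is given $report_uri as its value, but in CSP Level 3 report-to takes the name of a reporting endpoint declared in a separate Reporting-Endpoints (or older Report-To) response header, not a URL. Nothing in the visible lines sets such a header, so browsers that implement report-to have no endpoint to resolve. Because those browsers prefer report-to over report-uri when both are present, reports may arrive only from browsers that still fall back to report-uri. Suggest declaring a named endpoint, for example a Reporting-Endpoints header mapping a name to $report_uri, and passing that name to report-to. Separately, the context line assigns $csp_report_directive from $csp_directive whenever the latter is set, so with this change both headers carry the same policy and the same report target, and each violation will be reported once by the enforced policy and once by the report-only one.
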
commit 8c5336fe917f4b86c18c4eeea126a937c085dcae
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Mar 29 16:31:15 2024 -0400

    Use the defined directive value

diff --git a/html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End b/html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End
index e31e5e7..b7fc4be 100644
--- a/html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End
+++ b/html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End
@@ -8,5 +8,5 @@ if ( length $csp_directive ) {
     $r->headers_out->{'Content-Security-Policy'} = "$csp_directive";
 }
 
-$r->headers_out->{'Content-Security-Policy-Report-Only'} = "default-src 'none'; report-uri $report_uri; report-to $report_uri";
+$r->headers_out->{'Content-Security-Policy-Report-Only'} = "$csp_report_directive report-uri $report_uri; report-to $report_uri";
 </%init>
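
Review bot: On the changed Report-Only line, $csp_report_directive is interpolated directly in front of " report-uri", which is only well-formed when the configured value already ends in a semicolon. The previous literal "default-src 'none';" guaranteed that; a site-supplied value such as "default-src 'self'" would produce "default-src 'self' report-uri ...", where report-uri and the URL are parsed as source expressions of default-src and no reporting directive is set at all. Suggest trimming trailing whitespace and semicolons from the configured value and adding the "; " separator in this code, or documenting that the setting must end with a semicolon. The same applies to "$csp_directive" in the context line above if reporting directives are ever appended to it.
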
-----------------------------------------------------------------------

Summary of changes:
 html/Callbacks/RT-Extension-CSP/Elements/HttpResponseHeaders/End | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
rt-extension-csp

