`application/csp-report` request body should be treated as JSON

[theneva]

:wave:

Some browsers (like the latest Chrome) send Content Security Policy (CSP) violation reports with the content type application/csp-report. The request body is always JSON according to the CSP spec.

When content type is set to application/json (explicitly or by default), one may pass an object to .send(…) which is automatically serialised to JSON.

I believe it makes sense to extend this behaviour to application/csp-report requests.

I ran into this issue when writing a test (using supertest) that mimics a Chrome CSP violation report request to our reporting endpoint.

On a related note that perhaps deserves its own issue, the error message is correct, but quite unhelpful:

TypeError [ERR_INVALID_ARG_TYPE]: The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type object

  at Test.Object.<anonymous>.Request._end (node_modules/superagent/lib/node/index.js:804:84)
  at Test.Object.<anonymous>.Request.end (node_modules/superagent/lib/node/index.js:777:15)
  at Test.Object.<anonymous>.Test.end (node_modules/supertest/lib/test.js:125:7)
  at node_modules/superagent/lib/request-base.js:238:12
  at Test.then (node_modules/superagent/lib/request-base.js:237:31)

It would be useful if this error message indicated that the issue might be related to the Content-Type being set to something other than the forms of application/json supported by the automatic serialisation.

For example, it might read:

TypeError [ERR_INVALID_ARG_TYPE]: For requests with Content-Type set to anything other than application/json, the "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type object

… or perhaps something slightly more custom that also prints the received content type. I am not sure if anything other than the Content-Type header might affect the automatic serialisation.

[niftylettuce]

PR welcome