
Parse `application/csp-report` by default

Open choznerol opened this issue 1 year ago • 0 comments

Summary

If `report-uri` is provided in the `Content-Security-Policy: ...` header (e.g. when `Rails.application.config.content_security_policy.report_uri` is configured), browsers will report CSP violations to `report-uri` as a JSON object (schema) with a `Content-Type: application/csp-report` header.

For a Rails user, if he configured `config.report_uri` pointing to a Rails `controller#action`, he would also have to do either one of the following:

  1. Write `body = JSON.parse(request.body.read)` in the corresponding controller action
  2. Add `Mime::Type.register('application/csp-report', :json)` in `config/initializers/mime_type.rb`

Since Rails supports Content Security Policy out of the box, I think it would be nice if `application/csp-report` is also supported by default.

Other Information

This PR may be similar to #44608

choznerol · May 31 '22 15:05
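
As an added illustration (not code from this issue or from Rails), the manual parsing in option 1 could be written as a plain-Ruby helper that treats the report body as untrusted input. The helper name, the 8 KiB size cap, the 512-character truncation and the logged-field allowlist are assumptions made for this example; the field names are those of the CSP violation report format.

```ruby
require "json"

# Added example, not Rails code. All names and limits here are hypothetical.
CSP_REPORT_TYPE  = "application/csp-report"
MAX_REPORT_BYTES = 8 * 1024 # assumed cap; violation reports are small
LOGGED_FIELDS    = %w[document-uri violated-directive effective-directive
                      blocked-uri status-code].freeze

# Returns a Hash of allowlisted report fields, or nil when the request is
# not a well-formed CSP violation report.
def parse_csp_report(content_type, raw_body)
  # Compare the media type only, ignoring parameters like "; charset=utf-8".
  media_type = content_type.to_s.split(";").first.to_s.strip.downcase
  return nil unless media_type == CSP_REPORT_TYPE
  return nil if raw_body.nil? || raw_body.bytesize > MAX_REPORT_BYTES

  payload = JSON.parse(raw_body)
  report = payload.is_a?(Hash) ? payload["csp-report"] : nil
  return nil unless report.is_a?(Hash)

  # Keep known keys with scalar values only; strip control characters and
  # truncate so the values are safe to write to a log line.
  LOGGED_FIELDS.each_with_object({}) do |key, out|
    value = report[key]
    next unless value.is_a?(String) || value.is_a?(Integer)
    out[key] = value.to_s.gsub(/[[:cntrl:]]/, "")[0, 512]
  end
rescue JSON::ParserError
  nil
end

# Constructed sample body in the shape browsers send to report-uri.
SAMPLE_BODY = JSON.generate(
  "csp-report" => {
    "document-uri"       => "https://app.example/orders",
    "violated-directive" => "script-src-elem",
    "blocked-uri"        => "https://cdn.example/x.js",
    "status-code"        => 200,
    "original-policy"    => "default-src 'self'; report-uri /csp-reports"
  }
)

if __FILE__ == $PROGRAM_NAME
  p parse_csp_report("application/csp-report", SAMPLE_BODY)
  p parse_csp_report("application/json", SAMPLE_BODY)
  p parse_csp_report("application/csp-report", "{oops")
end
```

In a controller action the two arguments would come from `request.content_type` and `request.body.read`; the endpoint is reachable by anyone who can see the policy header, so it should accept only this shape and be rate limited.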