5143: CSP: request-uri is deprecated - Composr CMS feature tracker

ID	Project	Category	View Status	Date Submitted	Last Update

5143	Composr	core	public	2022-12-14 09:05	2022-12-15 16:35

Reporter	PDStig	Assigned To	Guest
Priority	normal	Severity	feature
Status	new	Resolution	open

Summary	5143: CSP: request-uri is deprecated
Description	The request-uri directive in CSP, which is what we are using, is deprecated. Use report-to instead. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-uri
Tags	No tags attached.
Attach Tags	(Separate by ",")

Time estimation (hours)
Sponsorship open

Date Added	Member	Amount Sponsored

Chris Graham 2022-12-15 16:32 administrator ~7789	All browsers support CSP's request-uri, but Firefox doesn't support the Reporting API which report-to depends on. It's been behind a flag for years, and now isn't even available behind a flag because the implementation is outdated (https://bugzilla.mozilla.org/show_bug.cgi?id=1775194). So makes sense to hold off on this.

Chris Graham 2022-12-15 16:34 administrator ~7790	I've disabled CSP reporting for regular users via https://gitlab.com/composr-foundation/composr/-/commit/65ec77311484d4404d1c9b143f6dbec2eac3fabc so to avoid console errors.

View Status	Private (for security issues or disclosing of private information; if you submit as a guest, you will not be able to see your submission)
Note
Upload Files Maximum size: 32,768 KiB	Attach files by dragging & dropping, selecting or pasting them.
You are not logged in	You are not logged in. This means you will not get any e-mail notifications. And if you reply, we will not know for sure you are the original poster of the issue.

Date Modified	Username	Field	Change
2022-12-14 09:05	PDStig	New Issue
2022-12-15 16:32	Chris Graham	Note Added: 0007789
2022-12-15 16:34	Chris Graham	Note Added: 0007790
2022-12-15 16:35	Chris Graham	Severity	Trivial Bug => Feature or Request