CSP: specify report-uri.

php-coder · php-coder · commit d6b014cf566b · 2017-09-21T19:33:02.000+02:00
Addressed to #226
diff --git a/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java b/src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java
@@ -147,7 +147,8 @@ protected void configure(HttpSecurity http) throws Exception {
 					// 'https://raw.githubusercontent.com' is required for: languages.png
 					+ "img-src 'self' https://cdn.rawgit.com https://raw.githubusercontent.com; "
 					// 'self' is required for: glyphicons-halflings-regular.woff2 from bootstrap
-					+ "font-src 'self'"
+					+ "font-src 'self'; "
+					+ "report-uri https://mystamps.report-uri.io/r/default/csp/reportOnly"
 				).reportOnly();
 	}
 	

Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,8 @@ protected void configure(HttpSecurity http) throws Exception {`
`147`	`147`	`// 'https://raw.githubusercontent.com' is required for: languages.png`
`148`	`148`	`+ "img-src 'self' https://cdn.rawgit.com https://raw.githubusercontent.com; "`
`149`	`149`	`// 'self' is required for: glyphicons-halflings-regular.woff2 from bootstrap`
`150`		`- + "font-src 'self'"`
	`150`	`+ + "font-src 'self'; "`
	`151`	`+ + "report-uri https://mystamps.report-uri.io/r/default/csp/reportOnly"`
`151`	`152`	`).reportOnly();`
`152`	`153`	`}`
`153`	`154`