Content Security Policy violation details missing on report-uri Content Security Policy violation details missing on report-uri google-chrome google-chrome

Content Security Policy violation details missing on report-uri


node.js google-chrome express content-security-policy body-parser

  • Chrome correctly sends CSP reports "with a Content-Type header field of application/csp-report" according to CSP spec level 2 (https://www.w3.org/TR/CSP/#violation-reports)
  • Other browsers are still sending application/json described in CSP spec level 1
  • I'm accepting reports with nodejs + expressjs + body-parser. By default body-parser only parses requests with content-type: application/json Had to include application/csp-report as a valid content type to parse.

Changed this...

app.use(bodyParser.json());

To this...

app.use(bodyParser.json({type: ['application/json', 'application/csp-report']}));

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last