Created
June 25, 2013 06:08
CSP and FF 21.0
So on FF 21.0, when I set the X-Content-Security-Policy header, I get the following error message in the console.
```
The X-Content-Security-Policy and X-Content-Security-Report-Only headers will be deprecated in the future. Please use the Content-Security-Policy and Content-Security-Report-Only headers with CSP spec compliant syntax instead.
```

If I set the Content-Security-Policy header it does not honor the policy.

Additionally, report only does not appear to work at all in FF 21.0.

I tried to set all the following variants with no success in getting it to report to report-uri: "/report"

- X-Content-Security-Report-Only (as specified in the error msg)
- X-Content-Security-Policy-Report-Only
- Content-Security-Report-Only
- Content-Security-Policy-Report-Only
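
A small harness for repeating the comparison described above against any browser build; this is an added example, not code from the original note. It serves the same test page under each header name from the note, one per URL. The policy value, the `/test/<n>` paths, the `header` query parameter on the report URI and port 8080 are assumptions made for the example.

```javascript
// Header names taken from the note above; the index is used in the test URL.
const VARIANTS = [
  'X-Content-Security-Policy',
  'Content-Security-Policy',
  'X-Content-Security-Report-Only',
  'X-Content-Security-Policy-Report-Only',
  'Content-Security-Report-Only',
  'Content-Security-Policy-Report-Only',
];

// Assumed policy in spec syntax: inline script is not allowed, and the report
// URI carries the header name so each report can be attributed to a variant.
function policyFor(name) {
  return "default-src 'self'; report-uri /report?header=" + encodeURIComponent(name);
}

// Test page with an inline script. If the tab title changes, the policy was not enforced.
const PAGE = '<!doctype html><title>blocked</title><script>document.title="inline ran"</script>';

const seen = []; // violation reports received, tagged with the header that produced them

// Routing kept as a pure function so it can be checked without opening a socket.
function route(method, url, body) {
  const u = new URL(url, 'http://localhost');
  if (method === 'POST' && u.pathname === '/report') {
    seen.push({ header: u.searchParams.get('header'), body });
    return { status: 204, headers: {}, body: '' };
  }
  const m = /^\/test\/(\d+)$/.exec(u.pathname);
  const name = m && VARIANTS[Number(m[1])];
  if (!name) return { status: 404, headers: {}, body: 'not found' };
  return { status: 200, headers: { 'Content-Type': 'text/html', [name]: policyFor(name) }, body: PAGE };
}

function start(port) {
  const http = require('http'); // loaded here so route() has no side effects on import
  return http.createServer((req, res) => {
    let body = '';
    req.on('data', (chunk) => { body += chunk; });
    req.on('end', () => {
      const r = route(req.method, req.url, body);
      res.writeHead(r.status, r.headers);
      res.end(r.body);
      if (r.status === 204) console.log('report received via', seen[seen.length - 1].header);
    });
  }).listen(port, '127.0.0.1');
}

if (process.argv[2] === 'serve') start(8080); // node harness.js serve
```

Open `http://127.0.0.1:8080/test/0` through `/test/5` in the browser under test: the tab title shows whether the inline script ran, and the server log shows which header names produced a report.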