Add back report_uri CSP directive until Reporting API stabilises
#16
Comments
|
Thanks for the suggestion, I'll get this added! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While the
report_uridirective is deprecated, currentlyReport-Toheader required forreport-todirective was removed from spec before it even became a Candidate Recommendation. Instead, current ED of Reporting API has aReporting-Endpointsheader that doesn't use the JSON values like the previous one, instead opting for a simplergroupname="url"syntax (with ability to add multiple comma-separated entries).Considering that according to caniuse only about 70% of users have support for
Report-Toheader, while over 93% supportreport-uridirective, for nowreport-uriseems to be more widely supported and could even live longer thanReport-Toheader.It can be added as a custom directive, but I think it'd be a good idea to re-add it as a normal directive.
report-toCSP directive is still the way to go in the future, but for now it's much less practical due to its companion header not being truly widely supported yet and on its way to be replaced soon.The text was updated successfully, but these errors were encountered: