Use report-to with group which configured in the separate header #9440

Merged
merged 2 commits into from
Mar 15, 2024

olksdr
Contributor

@olksdr olksdr commented Mar 13, 2024

According to MDN

The Content-Security-Policy Report-To HTTP response header field instructs the user agent to store reporting endpoints for an origin.

The report-to directive seems to need to be configured as follows:

Content-Security-Policy: …; report-to groupname

and then the Report-To header contains the definition of the group with the name defined above.

fix: #9199
fix: getsentry/sentry#52794
related to: getsentry/sentry#38940 and getsentry/relay#2645

@oioki just to double check if that makes sense.

We also use the report-to configuration with a similar config for NEL, and that seems to work as expected.

@olksdr olksdr requested review from oioki and vivianyentran March 13, 2024 17:23
@olksdr olksdr self-assigned this Mar 13, 2024
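
The relationship described in the comment above, as an added example that is not part of the pull request or of Sentry's documentation: a check that the group named by the CSP `report-to` directive is actually defined in the `Report-To` header. The function names and the sample headers (with the placeholder host `example.invalid`) are assumptions made for illustration.

```python
import json

def parse_csp(header):
    """Map directive name -> values; the first occurrence of a directive wins."""
    directives = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives

def parse_report_to(header):
    """Report-To is a comma-separated list of JSON objects: wrap in [] to parse."""
    groups = {}
    for entry in json.loads("[" + (header or "") + "]"):
        # A missing "group" member means the group is named "default".
        urls = [e["url"] for e in entry.get("endpoints", []) if "url" in e]
        groups[entry.get("group", "default")] = urls
    return groups

def check_reporting(csp_header, report_to_header):
    """Return findings; an empty list means report-to resolves to an endpoint."""
    values = parse_csp(csp_header).get("report-to")
    if values is None:
        return ["CSP has no report-to directive"]
    if len(values) != 1:
        return [f"report-to takes exactly one group name, got {values}"]
    group, findings = values[0], []
    if "://" in group:
        findings.append(f"report-to holds a URL ({group}), not a group name")
    try:
        groups = parse_report_to(report_to_header)
    except (ValueError, AttributeError, TypeError):
        return findings + ["Report-To header is not valid JSON objects"]
    if group not in groups:
        findings.append(f"group {group!r} is not defined in Report-To")
    elif not groups[group]:
        findings.append(f"group {group!r} has no endpoint URLs")
    return findings

# Constructed sample headers (example.invalid is a placeholder host).
REPORT_TO = ('{"group":"csp-endpoint","max_age":10886400,'
             '"endpoints":[{"url":"https://example.invalid/csp"}]}')
GOOD_CSP = "default-src 'self'; report-to csp-endpoint"
BAD_CSP = "default-src 'self'; report-to https://example.invalid/csp"

if __name__ == "__main__":
    print(check_reporting(GOOD_CSP, REPORT_TO))
    print(check_reporting(BAD_CSP, REPORT_TO))
```

A policy that puts the endpoint URL directly in `report-to` yields two findings here, because the URL is neither a valid group name nor a group defined in `Report-To`.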
@olksdr
Contributor Author

olksdr commented Mar 14, 2024

@vivianyentran we tested the docs changes and the report-to works as expected.
But there is also a Relay bug which we have to fix to fully support the report-to directive. Will put this on my todo list.

Contributor

@vivianyentran vivianyentran left a comment

Thanks!

@olksdr olksdr merged commit 2f51304 into master Mar 15, 2024
6 checks passed
@olksdr olksdr deleted the fix/csp-report-to branch March 15, 2024 14:10
@github-actions github-actions bot locked and limited conversation to collaborators Mar 31, 2024