- Issue created by @tunic
- 🇪🇸Spain tunic Madrid
It seems the Reporting API module may need a fix also because it seems it sets the report-uri directive as well:
https://git.drupalcode.org/project/reporting/-/blob/2.0.x/src/Plugin/Csp...public function alterPolicy(Csp $policy): void { /** @var \Drupal\reporting\Entity\ReportingEndpointInterface $reportingEndpoint */ $reportingEndpoint = $this->reportingEndpointStorage->load($this->configuration['endpoint']); if ($reportingEndpoint && $reportingEndpoint->status()) { $policy->setDirective('report-uri', $reportingEndpoint->toUrl('log', ['absolute' => TRUE])->toString()); $policy->setDirective('report-to', $reportingEndpoint->id()); } } - Status changed to Closed: works as designed
9 months ago 9:13am 10 July 2024 - 🇨🇦Canada gapple
As also noted prominently on the MDN documentation:
Warning: Though the report-to directive is intended to replace the deprecated report-uri directive, report-to is not yet supported in all browsers. For compatibility, you can specify both report-uri and report-to. In browsers that support report-to, the report-uri directive is ignored.
Firefox does not yet support
report-to, and though Safari is reported as having support, the Reporting API module had a recent bug fix 🐛 Warning: Undefined array key "csp-report" Fixed for handling Safari sending individual reports with content-type expected byreport-uri(instead of a collection of reports to thereport-toendpoint, as Chrome does according to the Reporting standard).CSP module does not (and won't) define a
Reporting-Endpointsheader that is necessary to usereport-to. The sitelog report handler has been removed from CSP 2.x in favour of Reporting API's implementation which provides both reporting directives to support all browsers. Additional reporting handler plugins will be implemented by Reporting API module in the future, and then deprecated from CSP module.