andrewlock / NetEscapades.AspNetCore.SecurityHeaders

Small package to allow adding security headers to ASP.NET Core websites
MIT License

Adding reporting endpoints for uriports.com #164

Closed daver77 closed 3 months ago

daver77 commented 3 months ago

What is the correct way of setting up the following with the library?

image

I have this so far, but obviously that just adds report-to default; to the CSP. reporting-endpoints: is fine. Is this correct?

image

andrewlock commented 3 months ago

The Report-To header is non-standard and has been deprecated and replaced by Reporting-Endpoints: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Report-To.

The AddReportTo() method adds the report-to directive to the Content-Security-Policy header.

This library doesn't support deprecated headers, so if you want to support the v0 reporting API you'll need to add the Report-To header using AddCustomHeader().
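
The three pieces discussed in this thread, combined in one policy, as an added example that is not code from either commenter or from the project. Assumptions: the report URL is a placeholder, the `max_age` value is constructed, and the `AddReportingEndpoints`/`AddEndpoint` builder calls assume the library's 1.x API.

```csharp
// Added example (not from the thread). Assumes NetEscapades.AspNetCore.SecurityHeaders 1.x
// in a minimal-hosting ASP.NET Core app with implicit usings enabled.
using System.Text.Json;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Placeholder: substitute the report URL issued by your own reporting service.
const string reportUrl = "https://example.invalid/reports";
// The group name must match across all three places below, otherwise the
// browser has nowhere to deliver CSP violation reports.
const string groupName = "default";

// v0 Reporting API header value. Built with a serializer rather than string
// concatenation so the JSON stays well formed if the URL or group changes.
string reportToValue = JsonSerializer.Serialize(new
{
    group = groupName,
    max_age = 10886400, // constructed value (seconds)
    endpoints = new[] { new { url = reportUrl } },
    include_subdomains = true
});

var policies = new HeaderPolicyCollection()
    // Current standard: Reporting-Endpoints: default="<reportUrl>"
    .AddReportingEndpoints(endpoints => endpoints.AddEndpoint(groupName, reportUrl))
    // Deprecated v0 header, only reachable through AddCustomHeader()
    .AddCustomHeader("Report-To", reportToValue)
    .AddContentSecurityPolicy(csp =>
    {
        csp.AddDefaultSrc().Self();
        // Emits the CSP directive "report-to default", not a header
        csp.AddReportTo(groupName);
    });

app.UseSecurityHeaders(policies);
app.MapGet("/", () => "ok");
app.Run();
```

Requesting `/` and inspecting the response should show `Reporting-Endpoints`, `Report-To` and a `Content-Security-Policy` whose `report-to` directive names the same group.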