magento / magento2

Prior to making any Submission(s), you must sign an Adobe Contributor License Agreement, available here at: https://opensource.adobe.com/cla.html. All Submissions you make to Adobe Inc. and its affiliates, assigns and subsidiaries (collectively “Adobe”) are subject to the terms of the Adobe Contributor License Agreement.
http://www.magento.com
Open Software License 3.0

[Issue] 'Report-To' header is deprecated and no longer recommended #39288

Open m2-assistant[bot] opened 1 month ago

m2-assistant[bot] commented 1 month ago

This issue is automatically created based on existing pull request: magento/magento2#39278: 'Report-To' header is deprecated and no longer recommended


Description (*)

As reported in this document, the 'Report-To' header is deprecated and no longer recommended for reporting CSP violations. And, in any case, it is not possible to add "report-to" in the 'Content-Security-Policy-Report-Only' header.

Manual testing scenarios (*)

  1. Set CSP to "report-only"
  2. Fill in the 'Report URI' fields in the Configuration > Security > Content Security Policy (CSP) page
  3. Navigate to a page of the website that contains some CSP violations
  4. There must be a POST call to the Report URI.

Contribution checklist (*)

engcom-Hotel commented 1 month ago

Hello @WaPoNe,

Thanks for the report and collaboration!

We are confirming this issue after going through this documentation.

Thanks

github-jira-sync-bot commented 1 month ago

:white_check_mark: Jira issue https://jira.corp.adobe.com/browse/AC-13280 is successfully created for this GitHub issue.

m2-assistant[bot] commented 1 month ago

:white_check_mark: Confirmed by @engcom-Hotel. Thank you for verifying the issue.
Issue Available: @engcom-Hotel, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.
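
The manual testing scenario in the issue description can be backed by a header check before looking for the POST in the browser's network tab. The following is an added example, not code from Magento or from the linked pull request; the function names `parseCsp` and `auditCspReporting`, the `shop.example` URL and the sample header values are assumptions made for illustration.

```javascript
// Added example. Header values below are constructed, not captured from a Magento store.

// Parse a CSP header value into a Map of directive name -> list of values.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase(); // directive names are case-insensitive
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Report which CSP mode is active, where violation reports are sent via
// report-uri, and whether the deprecated Report-To response header is present.
function auditCspReporting(rawHeaders) {
  const headers = {};
  for (const [k, v] of Object.entries(rawHeaders)) headers[k.toLowerCase()] = v;

  const reportOnly = headers['content-security-policy-report-only'];
  const enforced = headers['content-security-policy'];
  const policy = reportOnly ?? enforced; // audit the report-only policy when both exist
  const mode = reportOnly ? 'report-only' : enforced ? 'enforce' : 'none';
  const result = { mode, reportUris: [], findings: [] };

  if ('report-to' in headers) {
    result.findings.push("deprecated 'Report-To' response header is sent");
  }
  if (!policy) {
    result.findings.push('no CSP header present');
    return result;
  }
  result.reportUris = parseCsp(policy).get('report-uri') ?? [];
  if (result.reportUris.length === 0) {
    result.findings.push('policy has no report-uri directive');
  }
  return result;
}

// Constructed response headers for a store in report-only mode.
const sample = {
  'Content-Security-Policy-Report-Only':
    "default-src 'self'; script-src 'self'; report-uri https://shop.example/csp/report",
  'Report-To': '{"group":"report-endpoint","max_age":10886400,"endpoints":[{"url":"https://shop.example/csp/report"}]}',
};
console.log(auditCspReporting(sample));
```

An empty `findings` list together with a non-empty `reportUris` is the state the test scenario expects before step 3.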