[3.2.0] The report-uri directive has been deprecated

nelmio / NelmioSecurityBundle

Adds extra security-related features in your Symfony application

https://symfony.com/bundles/NelmioSecurityBundle/

MIT License

651 stars 85 forks source link

[3.2.0] The report-uri directive has been deprecated #341

Open directsoftware opened 5 months ago

directsoftware commented 5 months ago

Hello,

I was conducting DAST tests, which returned me the following message: "The report-uri directive has been deprecated in favor of the new report-to directive." Do you have plans to introduce support for the "report-to" directive? Because currently, I don't see such a parameter for configuration.

Seldaek commented 5 months ago

No plans, but PRs welcome, as resources to maintain this bundle are very limited.

martijnc commented 2 months ago

Is there interest from the bundle maintainers to also support the Reporting API Reporting-Endpoints header? While not technically a security header, it is supported for reporting by a number of other security headers (CSP, COOP, COEP, Document Policy, ...). The header is just a list of named endpoints.