search

paragonie / csp-builder

Build Content-Security-Policy headers from a JSON file (or build them programmatically)
https://paragonie.com/projects
MIT License
544 stars 39 forks source link

report-uri gets wrongly encoded #60

Closed cleptric closed 1 year ago

cleptric commented 1 year ago

Since version 2.8.0, the report-uri is wrongly encoded when injecting the CSP header.

2.8.0

report-uri https%3A//

2.7.0

report-uri https://...

This leads to a 404 if a CSP violation happens, as the browser prefixes the request with the local URL.

danieltott commented 1 year ago

Same issue here. Filed a PR: #61