shapesecurity / salvation

Parse Content Security Policy headers, warn about policy errors, safely manipulate, render, and optimise policies
http://cspvalidator.org
Apache License 2.0

CSP validator cspvalidator.org gives a false result? #250

Closed ghost closed 2 years ago

ghost commented 2 years ago

Why does the CSP validator here on this website, https://cspvalidator.org, give a false result, when I check this on the website https://csp-evaluator.withgoogle.com/
and on this website https://observatory.mozilla.org/analyze/

everything is good?

bakkot commented 2 years ago

Which website are you trying?

ghost commented 2 years ago

This website: https://nieuwsbericht.eu/. I know that report-uri is old and that report-to is new. Only https://cspvalidator.org indicates that as a CSP error, and that is strange.

But there is more than that: when you adjust the CSP, the website blocks the script and distorts the entire website. This is also reflected in the menu, which is therefore not easy to get to.

bakkot commented 2 years ago

That page does not appear to have a CSP at all.

ghost commented 2 years ago

These are the websites where I test the website:

https://securityheaders.com/?q=https%3A%2F%2Fnieuwsberichten.eu%2F&followRedirects=on
https://www.immuniweb.com/websec/

This is the CSP:

Header set Content-Security-Policy: "default-src 'none'; script-src 'report-sample'; img-src 'self' data: fonts.gstatic.com www.googletagmanager.com https://www.google-analytics.com/collect https://www.gstatic.com/images/; font-src 'self' https://fonts.gstatic.com https://stackpath.bootstrapcdn.com/bootswatch/3.3.7/fonts/; connect-src 'self' https://www.google-analytics.com; style-src 'report-sample' 'self' https://stackpath.bootstrapcdn.com/bootswatch/3.3.7/superhero/bootstrap.min.css https://fonts.googleapis.com; frame-ancestors 'none'; base-uri 'self'; form-action 'none'; report-uri https://61d099b0cc8b6be2ac804907.endpoint.csper.io/?v=0; report-uri https://61d099b0cc8b6be2ac804907.endpoint.csper.io/?v=0"

The complete .htaccess file can be found here: https://tinyurl.com/yeujpzhj

bakkot commented 2 years ago

https://nieuwsberichten.eu/ is a different URL than you gave previously.

What I see from CSP Validator for that page is

Policy contains more than one report-uri directive. All but the first instance will be ignored.

This is correct. It doesn't make the policy invalid, but it's still a bug, because the second one isn't doing anything. The other tools you tried just aren't giving you a warning about this bug.
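The warning bakkot quotes follows directly from how a CSP is parsed: the serialized policy is split on `;`, each directive's name is compared ASCII case-insensitively, and only the first occurrence of a directive name takes effect, so a second `report-uri` is silently dropped. The following added example (written for this thread, not code from the salvation library) parses a policy the same way and reports duplicate directives before they are lost. The sample input is the policy pasted earlier in this issue; the function names `parse_csp` and `serialize_csp` are this example's own.

```python
"""Parse a Content-Security-Policy header value and warn about duplicate directives.

Added example for this issue thread, not part of the salvation project.
"""
from __future__ import annotations

from typing import Dict, List, Tuple


def parse_csp(policy: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return ({directive_name: [source_values]}, [warnings]).

    Mirrors the CSP3 parsing steps that matter here:
      * split the serialized policy on ';'
      * split each directive on ASCII whitespace; the first token is the name
      * directive names are ASCII case-insensitive, so they are lower-cased
      * only the FIRST occurrence of a directive name is kept; later
        duplicates are ignored by the browser, so we report them instead
    """
    directives: Dict[str, List[str]] = {}
    warnings: List[str] = []

    for raw_directive in policy.split(";"):
        tokens = raw_directive.split()
        if not tokens:
            # Empty directive (e.g. a trailing ';'); nothing to record.
            continue
        name, values = tokens[0].lower(), tokens[1:]
        if name in directives:
            dropped = " ".join(values) if values else "<no values>"
            warnings.append(
                f"Policy contains more than one {name} directive. "
                f"All but the first instance will be ignored (dropped: {dropped})."
            )
            continue
        directives[name] = values

    return directives, warnings


def serialize_csp(directives: Dict[str, List[str]]) -> str:
    """Render the effective policy, i.e. what the browser actually enforces."""
    return "; ".join(
        f"{name} {' '.join(values)}".strip() for name, values in directives.items()
    )


# Constructed sample: the policy pasted in this thread, which carries two
# report-uri directives with the same endpoint.
SAMPLE_POLICY = (
    "default-src 'none'; script-src 'report-sample'; "
    "img-src 'self' data: fonts.gstatic.com www.googletagmanager.com "
    "https://www.google-analytics.com/collect https://www.gstatic.com/images/; "
    "font-src 'self' https://fonts.gstatic.com "
    "https://stackpath.bootstrapcdn.com/bootswatch/3.3.7/fonts/; "
    "connect-src 'self' https://www.google-analytics.com; "
    "style-src 'report-sample' 'self' "
    "https://stackpath.bootstrapcdn.com/bootswatch/3.3.7/superhero/bootstrap.min.css "
    "https://fonts.googleapis.com; frame-ancestors 'none'; base-uri 'self'; "
    "form-action 'none'; "
    "report-uri https://61d099b0cc8b6be2ac804907.endpoint.csper.io/?v=0; "
    "report-uri https://61d099b0cc8b6be2ac804907.endpoint.csper.io/?v=0"
)


if __name__ == "__main__":
    effective, problems = parse_csp(SAMPLE_POLICY)
    for problem in problems:
        print("WARNING:", problem)
    print("Effective policy:", serialize_csp(effective))
```

Running the script against the thread's policy prints one warning for the second `report-uri` and an effective policy containing a single `report-uri`, which is exactly what CSP Validator reported; the policy is still valid, the duplicate just does nothing.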