johnbillion
commented
9 years ago I'm thinking that rather than try to fit it into an existing policy, we add our own one (eg http-api-src). Plus a new violation location.
Open tollmanz opened 9 years ago
johnbillion
commented
9 years ago I'm thinking that rather than try to fit it into an existing policy, we add our own one (eg http-api-src). Plus a new violation location.
tollmanz
commented
9 years ago Definitely. I think the challenge is displaying it amongst other reports that have all of the usual CSP data.
@johnbillion suggested this. I have made (https://github.com/tollmanz/wordpress-https-mixed-content-detector/pull/23) the prerequisite changes to make this much easier to save data that is passed in via the beacon. We still need to consider how to map this type of request's data on to CSP report data.