The Content-Security-Policy-Report-Only header is used to monitor potential violations of Content-Security-Policy (CSP) without enforcing it. This allows developers to test CSP policies by sending violation reports to specified URIs without blocking any resources. Adding this header to ZIO-HTTP would help monitor and secure web applications by detecting security risks without breaking functionality.
Requirements:
Implement support for the Content-Security-Policy-Report-Only header.
Allow setting multiple policies for different resource types (e.g., script-src, img-src, etc.).
Add test cases to ensure correct behavior and conformance with the CSP specification.
Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only https://content-security-policy.com/report-only/
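
A dependency-free sketch of the header model the requirements describe, added here as an example; it is not ZIO-HTTP code. `CspReportOnly`, `Directive`, `Policy`, the sample sources and the `/csp-reports` endpoint are assumptions. It renders several directives into one header value, parses the value back, and flags two conditions that make a report-only policy useless in practice.

```scala
// Added sketch: plain Scala 2.13+, no ZIO-HTTP dependency. All names are hypothetical.
object CspReportOnly {
  val HeaderName = "Content-Security-Policy-Report-Only"

  // One directive, e.g. script-src 'self' https://cdn.example
  final case class Directive(name: String, values: List[String]) {
    def render: String = (name :: values).mkString(" ")
  }

  final case class Policy(directives: List[Directive]) {
    def render: String = directives.map(_.render).mkString("; ")
    // Conditions under which a report-only policy yields nothing useful.
    def warnings: List[String] = {
      val names = directives.map(_.name).toSet
      val noEndpoint =
        if (names("report-uri") || names("report-to")) Nil
        else List("no report-uri or report-to: violations are not reported anywhere")
      val sandbox = if (names("sandbox")) List("sandbox is ignored in report-only mode") else Nil
      noEndpoint ++ sandbox
    }
  }

  private val NameRe = "[A-Za-z0-9-]+".r

  // Parses one serialized policy. Names are lower-cased and a repeated
  // directive is dropped (first occurrence wins), as in CSP parsing.
  def parse(value: String): Either[String, Policy] =
    if (value.contains(",")) Left("comma-separated policy lists are out of scope here")
    else {
      val raw = value.split(";").toList.map(_.trim).filter(_.nonEmpty).map(_.split("\\s+").toList)
      raw.find(t => !NameRe.matches(t.head)) match {
        case Some(bad) => Left(s"invalid directive name: ${bad.head}")
        case None =>
          val all = raw.map(t => Directive(t.head.toLowerCase, t.tail))
          Right(Policy(all.foldLeft(List.empty[Directive]) { (acc, d) =>
            if (acc.exists(_.name == d.name)) acc else acc :+ d
          }))
      }
    }

  def main(args: Array[String]): Unit = {
    val policy = Policy(List( // constructed sample values
      Directive("script-src", List("'self'", "https://cdn.example")),
      Directive("img-src", List("'self'", "data:")),
      Directive("report-uri", List("/csp-reports"))))
    println(s"$HeaderName: ${policy.render}")
    println(parse(policy.render) == Right(policy)) // round trip
    println(parse("sandbox; IMG-SRC 'self'; img-src *").map(p => (p.render, p.warnings)))
  }
}
```

The last call shows the two cases a test suite for this feature should cover: a duplicate directive differing only in case, and a policy that would never produce a report.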