Content-Security-Policy-Report-Only should show detailed CSP analysis #69

Open
groenroos opened this issue Aug 13, 2024 · 1 comment
Labels
effort: medium (This task is a medium effort.)
idle (Issues and pull requests with no activity for three months.)
p1 (We will address this soon and will provide capacity from our team for it in the next few releases.)
test: CSP (Issues about the Content Security Policy tests)

Comments


groenroos commented Aug 13, 2024

What information was incorrect, unhelpful, or incomplete?

When a Content-Security-Policy-Report-Only header is defined, the "CSP analysis" tab is empty, with an "Implement an enforced policy" exception message.

e.g. https://developer.mozilla.org/en-US/observatory/analyze?host=google.com#csp

What did you expect to see?

As discussed in #5, while the flag and the -25 score is correct, the "CSP analysis" tab should still display the full line-by-line CSP analysis as though the header was enforced. This would help with iterating the CSP policy without causing disruption to users.

Do you have any supporting links, references, or citations?

Do you have anything more you want to share?

The discussion in the previous issue resolved to initially create the behaviour that currently exists, and follow up after launch with this described behaviour.

That issue was closed as completed when the first step was implemented (possibly because it satisfied the title of the initial issue?). However, displaying the full CSP analysis does not seem to be implemented yet, and so I thought I'd open a separate issue for that.

groenroos added the "needs triage" label (Triage needed by staff and/or partners. Automatically applied when an issue is opened.) Aug 13, 2024

It looks like this is your first issue. Welcome! 👋 One of the project maintainers will be with you as soon as possible. We appreciate your patience. To safeguard the health of the project, please take a moment to read our code of conduct.

argl added the "effort: medium", "p1" and "test: CSP" labels and removed the "needs triage" label Aug 22, 2024
github-actions bot added the "idle" label (Issues and pull requests with no activity for three months.) Sep 22, 2024
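
The behaviour requested in this issue, sketched as an added example (not MDN Observatory code and not written by any participant in this thread): a report-only policy gets the same per-directive analysis as an enforced one, and enforcement is reported as a separate flag. The function names, the three checks and the sample headers are assumptions made for illustration.

```javascript
// Added example, not MDN Observatory code. Names and checks are hypothetical.
const ENFORCED = "content-security-policy";
const REPORT_ONLY = "content-security-policy-report-only";

// Split a policy string into a Map of directive name -> source list.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by CSP parsers: the first one wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function analyzeCsp(headers) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]));
  const enforced = h[ENFORCED] !== undefined;
  // Prefer the enforced policy; otherwise analyse the report-only one.
  const policy = h[ENFORCED] ?? h[REPORT_ONLY];
  if (policy === undefined) return { present: false, enforced: false, findings: [] };

  const d = parsePolicy(policy);
  const fallback = d.get("default-src");
  const scripts = d.get("script-src") ?? fallback ?? null;
  const objects = d.get("object-src") ?? fallback ?? [];
  const findings = [
    { check: "script-src or default-src is set", pass: scripts !== null },
    { check: "script sources do not list 'unsafe-inline'",
      pass: scripts !== null &&
        !scripts.some((s) => s.toLowerCase() === "'unsafe-inline'") },
    { check: "object-src is 'none' (directly or via default-src)",
      pass: objects.join(" ").toLowerCase() === "'none'" },
  ];
  // "Not enforced" stays a separate flag; the findings are the same either way.
  return { present: true, enforced, findings };
}

// Constructed sample: a response that only sends the report-only header.
const sample = {
  "Content-Security-Policy-Report-Only":
    "default-src 'self'; script-src 'self' 'unsafe-inline'; object-src 'none'; report-uri /csp",
};
console.log(analyzeCsp(sample));
```
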