Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Support for Content-Security-Policy-Report-Only Header #3172

Open
Saturn225 opened this issue Sep 26, 2024 · 0 comments
Open

Add Support for Content-Security-Policy-Report-Only Header #3172

Saturn225 opened this issue Sep 26, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@Saturn225
Copy link

The Content-Security-Policy-Report-Only header is used to monitor potential violations of Content-Security-Policy (CSP) without enforcing it. This allows developers to test CSP policies by sending violation reports to specified URIs without blocking any resources. Adding this header to ZIO-HTTP would help monitor and secure web applications by detecting security risks without breaking functionality.

Requirements:

  1. Implement support for the Content-Security-Policy-Report-Only header.
  2. Allow setting multiple policies for different resource types (e.g., script-src, img-src, etc.).
  3. Add test cases to ensure correct behavior and conformance with the CSP specification.

Reference:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
https://content-security-policy.com/report-only/
@Saturn225 Saturn225 added the enhancement New feature or request label Sep 26, 2024
@Saturn225 Saturn225 mentioned this issue Sep 26, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Saturn225