-
-
Notifications
You must be signed in to change notification settings - Fork 744
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Content-Type: application/csp-report [improvement Request] #1024
Comments
I think it might be beneficial to get supported types to the config file, so it can easily support also vendor specific json types (https://en.wikipedia.org/wiki/Media_type#Vendor_tree). |
@zaterio does the response need to match the request type ( @Martin456 agreed. |
This setting defaults to ['application/json']. Useful for supporting vendor-specific Content-Type headers. Responses will still carry application/json. Closes #1024.
I pushed support for |
This setting defaults to ['application/json']. Useful for supporting vendor-specific Content-Type headers. Responses will still carry application/json. Closes #1024.
This setting defaults to ['application/json']. Useful for supporting vendor-specific Content-Type headers. Responses will still carry application/json. Closes #1024.
This setting defaults to ['application/json']. Useful for supporting vendor-specific Content-Type headers. Responses will still carry application/json. Closes #1024.
Thanks for the excellent work and the new improvements!!
I am capturing CSP reports via eve. However, the specification is not evenly adopted among the User-Agents.
For example some user-agents (Safari, Chrome) makes posts with: Content-Type: application/csp-report, In this case eve responds:
{"_status": "ERR", "_error": {"message": "Unknown or no Content-Type header supplied", "code": 400}}
(Not allowed in eve/methods/common.py )
In other cases, the user agents post with: Content-Type: application/json, and eve responds with 201.
MDN specification indicates that the format for csp reports is always json.
I would like to request the improvement, which allows the content-type "application/csp-report" to be treated such as "application/json", in eve/methods/common.py.
Regards.
Ref: github/secure_headers#79
The text was updated successfully, but these errors were encountered: