Skip to content

Commit

Permalink
update: report-uri deprecated
Browse files Browse the repository at this point in the history
  • Loading branch information
Elie Saad committed Apr 29, 2019
1 parent 9270f5e commit 63ef4d6
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions cheatsheets/Content_Security_Policy_Cheat_Sheet.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,8 +91,8 @@ Navigation directives instruct the browser about the locations that the document
Reporting directives deliver violation of prevented behaviors to specified locations. These directives serve no purpose on their own and are dependent on other directives.

- `report-to` which is a groupname defined in the header in a json formatted header value. Does not have proper browser support yet.
- [MDN report-to documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to#Examples)
- `report-uri` directive will be getting deprected by `report-to`, which is a URI that the reports are sent to.
- [MDN report-to documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to)
- `report-uri` directive is deprecated by `report-to`, which is a URI that the reports are sent to.
- Goes by the format of: `Content-Security-Policy: report-uri https://example.com/csp-reports`

In order to ensure backward compatibility, use the 2 directives in conjonction. Whenever a browser supports `report-to`, it will ignore `report-uri`. Otherwise, `report-uri` will be used.
Expand Down

0 comments on commit 63ef4d6

Please sign in to comment.