Fix typo in CSP Report-To header name
Some checks failed
ci/woodpecker/pr/woodpecker Pipeline failed

The header name was Report-To, not Reply-To.

In any case, that's now being changed to the Reporting-Endpoints HTTP
Response Header.
https://w3c.github.io/reporting/#header
https://github.com/w3c/reporting/issues/177

CanIUse says the Report-To header is still supported by current Chrome
and friends.
https://caniuse.com/mdn-http_headers_report-to

It doesn't have any data for the Reporting-Endpoints HTTP header, but
this article says Chrome 96 supports it.
https://web.dev/reporting-api/

(Even though that's come out one year ago, that's not compatible with
Network Error Logging which's still using the Report-To version of the
API)

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2022-11-04 09:43:13 +01:00
parent 7cfce562a9
commit 4d0a51221a
Signed by untrusted user: tcit
GPG key ID: A061B9DDE0CA0773
2 changed files with 3 additions and 3 deletions

View file

@ -68,7 +68,7 @@ def headers do
] ]
} }
[{"reply-to", Jason.encode!(report_group)} | headers] [{"report-to", Jason.encode!(report_group)} | headers]
else else
headers headers
end end

View file

@ -59,9 +59,9 @@ test "it sends `report-to` & `report-uri` CSP response headers", %{conn: conn} d
assert csp =~ ~r|report-uri https://endpoint.com;report-to csp-endpoint;| assert csp =~ ~r|report-uri https://endpoint.com;report-to csp-endpoint;|
[reply_to] = Conn.get_resp_header(conn, "reply-to") [report_to] = Conn.get_resp_header(conn, "report-to")
assert reply_to == assert report_to ==
"{\"endpoints\":[{\"url\":\"https://endpoint.com\"}],\"group\":\"csp-endpoint\",\"max-age\":10886400}" "{\"endpoints\":[{\"url\":\"https://endpoint.com\"}],\"group\":\"csp-endpoint\",\"max-age\":10886400}"
end end