Report-Sample-Injector

Extension | Developer Tools | 1 user
Overview

This addon edits the CSP header(s) to include a missing 'report-sample' for certain directives if a report-uri endpoint is included.

This addon edits incoming CSP header(s) to include the 'report-sample' value for the 'script-src', 'script-src-elem', 'script-src-attr', 'style-src', 'style-src-elem', and 'style-src-attr' directives. It does so only if the specific directive is present and does not already include 'report-sample', and the 'report-uri' directive is present with an endpoint specified.

The addon assumes that a developer who specifies a report-uri endpoint within the CSP is interested in receiving violation reports. However, without an explicit 'report-sample' value for certain directives, the reports might (the behaviour is browser-dependent at the moment) look indistinguishable for different kinds of violations (e.g., inline handlers vs. inline scripts vs. javascript: URIs for script-src).

The keyword 'report-sample', when specified for certain CSP directives, makes compliant browsers include the first 40 characters of the code that caused the violation in the report that is POSTed to the report-uri endpoint. By injecting 'report-sample' where it is missing, if report-uri is present, this addon aims to help developers understand which portion of the website code is responsible for the violation(s).
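The rewrite rule described above can be expressed as a small header transformation. This is an added example, not the extension's source code; the function names `injectIntoPolicy` and `injectReportSample` are hypothetical, and the header values used to exercise it are constructed.

```javascript
// Added example: hypothetical helper names; not the extension's own code.
const TARGET_DIRECTIVES = new Set([
  "script-src", "script-src-elem", "script-src-attr",
  "style-src", "style-src-elem", "style-src-attr",
]);

// Rewrite one serialized policy (a header value without commas).
function injectIntoPolicy(policy) {
  // Split into directives, then into [name, ...values] token lists.
  const directives = policy
    .split(";")
    .map((d) => d.trim().split(/\s+/).filter(Boolean))
    .filter((tokens) => tokens.length > 0);

  // report-uri must be present AND carry at least one endpoint.
  const hasEndpoint = directives.some(
    ([name, ...values]) =>
      name.toLowerCase() === "report-uri" && values.length > 0
  );
  if (!hasEndpoint) return policy; // nobody is listening: leave untouched

  return directives
    .map(([name, ...values]) => {
      // Directive names and keywords are matched case-insensitively.
      const wanted = TARGET_DIRECTIVES.has(name.toLowerCase());
      const present = values.some(
        (v) => v.toLowerCase() === "'report-sample'"
      );
      if (wanted && !present) values.push("'report-sample'");
      return [name, ...values].join(" ");
    })
    .join("; ");
}

// One header value may carry several comma-separated policies;
// each policy is evaluated against the rule independently.
function injectReportSample(headerValue) {
  return headerValue
    .split(",")
    .map((p) => injectIntoPolicy(p.trim()))
    .join(", ");
}
```

Directives that are absent are never created, so the policy's enforcement scope is unchanged; only the content of violation reports differs.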

0 out of 5 (no ratings)

Details

  • Version: 1.2
  • Updated: November 25, 2019
  • Offered by: Emanuele Uliana
  • Size: 8.03KiB
  • Languages: English (UK)
  • Developer email: emanuele.uliana.90@gmail.com
  • Non-trader: This developer has not identified itself as a trader. For consumers in the European Union, please note that consumer rights do not apply to contracts between you and this developer.

Privacy

The developer has not provided any information about the collection or usage of your data.