Skip to content

Add support for Content-Security-Policy-Report-Only header #1283

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
3 tasks done
kumarharsh opened this issue Feb 20, 2019 · 1 comment
Closed
3 tasks done

Add support for Content-Security-Policy-Report-Only header #1283

kumarharsh opened this issue Feb 20, 2019 · 1 comment

Comments

@kumarharsh
Copy link
Contributor

Issue Description

While developing websites, it's a common practice to set the CSP to report-only mode before the set of hosts are finalized. Would it be possible to add support to switch on the report-only mode via a middleware flag or something? Right now, I have to go into middleware.SecureWithConfig code in secure.go file, and manually modify this line:

res.Header().Set(echo.HeaderContentSecurityPolicy, config.ContentSecurityPolicy)

to

res.Header().Set(echo.HeaderContentSecurityPolicy+"-Report-Only", config.ContentSecurityPolicy)

Checklist

  • Dependencies installed
  • No typos
  • Searched existing issues and docs
@alexaandru
Copy link
Contributor

This sounds reasonable to me. Would you mind sending a PR?

kumarharsh pushed a commit to kumarharsh/echo that referenced this issue Feb 21, 2019
feat(secure): support Content-Security-Policy-Report-Only header
cffb271 
Closes labstack#1283
@kumarharsh kumarharsh mentioned this issue Feb 21, 2019
Merged
kumarharsh pushed a commit to kumarharsh/echo that referenced this issue Feb 25, 2019
feat(secure): support Content-Security-Policy-Report-Only header
d1d15da 
Closes labstack#1283
kumarharsh pushed a commit to kumarharsh/echo that referenced this issue Feb 27, 2019
feat(secure): support Content-Security-Policy-Report-Only header
1881ca4 
Closes labstack#1283
vishr pushed a commit that referenced this issue Feb 27, 2019
@kumarharsh @vishr
feat(secure): support Content-Security-Policy-Report-Only header (#1287)
802fb5b 
Closes #1283
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexaandru @kumarharsh