How do I get Violation Report (JSON DATA) for Content Security Policy using PHP?


terungwa

I implemented the Content-Security-Policy (CSP). I also included the report-uri so it sends a POST request to myserver.com/csp-report.php.

test.php:

<?php
header("Content-Security-Policy: default-src 'self'; report-uri http://127.0.0.1/csp-report.php");
?>

I attempted to run these two inline scripts in my test.php file.

<img src="http://evil.example.com/image.png">
<script>alert('XSS');</script>

Nothing is saved in the report-uri file! However, using Firebug, the policy is working as it should.

Kindly advise if I have the report-uri syntax wrong.

Thank you

Archived

This topic is now archived and is closed to further replies.
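
A receiver for the report-uri endpoint named in the post, as an added example that is not part of the original thread: browsers deliver the violation report as a JSON request body with Content-Type: application/csp-report, so PHP's $_POST stays empty and the body has to be read from php://input. The function name parse_csp_report, the log path and the 8 KiB size limit are assumptions chosen for illustration.

```php
<?php
// csp-report.php: added example of a report-uri receiver (not the poster's code).
// Assumptions: log path, size limit and field selection are illustrative choices.
declare(strict_types=1);

const MAX_BODY = 8192;                              // assumed cap on report size
const LOG_FILE = __DIR__ . '/csp-violations.log';   // hypothetical path; keep it outside the web root

// Parse a raw request body; returns the cleaned report fields, or null if it is not a CSP report.
function parse_csp_report(string $raw): ?array
{
    if ($raw === '' || strlen($raw) > MAX_BODY) {
        return null;
    }
    $data = json_decode($raw, true);
    if (!is_array($data) || !isset($data['csp-report']) || !is_array($data['csp-report'])) {
        return null;
    }
    $wanted = ['document-uri', 'violated-directive', 'effective-directive', 'blocked-uri', 'original-policy'];
    $clean = [];
    foreach ($wanted as $key) {
        $value = $data['csp-report'][$key] ?? '';
        if (!is_string($value)) {
            continue;
        }
        // Anyone can POST to this URL, so treat every field as untrusted:
        // strip control characters (log injection) and cap the length.
        $clean[$key] = substr((string) preg_replace('/[\x00-\x1F\x7F]/', '', $value), 0, 1024);
    }
    return $clean;
}

if (PHP_SAPI !== 'cli') {
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        exit;
    }
    // Read one byte past the cap so oversized bodies are rejected rather than truncated.
    $raw = file_get_contents('php://input', false, null, 0, MAX_BODY + 1);
    $report = parse_csp_report($raw === false ? '' : $raw);
    if ($report === null) {
        http_response_code(400);
        exit;
    }
    $flags = JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE;
    file_put_contents(LOG_FILE, date('c') . ' ' . json_encode($report, $flags) . PHP_EOL, FILE_APPEND | LOCK_EX);
    http_response_code(204); // the browser ignores the response body
}
```

The web server user needs write permission on the log file's directory, otherwise the append fails and nothing is recorded.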
