terungwa
Posted October 20, 2014

I implemented the Content-Security-Policy (CSP). I also included the report-uri so it sends a POST request to myserver.com/csp-report.php.

test.php

    <?php header("Content-Security-Policy: default-src 'self'; report-uri http://127.0.0.1/csp-report.php"); ?>

I attempted to run these two inline scripts in my test.php file.

    <img src="http://evil.example.com/image.png">
    <script>alert('XSS');</script>

Nothing is saved in the report-uri file! However, using Firebug, the policy is working as it should.

Kindly advise if I have the report-uri syntax wrong.

Thank you
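A report receiver for the `report-uri` in the post above, as an added example that is not part of the original thread: browsers POST the violation as JSON with content type `application/csp-report`, which PHP does not parse into `$_POST`, so the script reads the raw request body. The log file name, size limits and the `parse_csp_report` helper are assumptions made for this example.

```php
<?php
// csp-report.php: added example, not code from the original post.
// Assumption: placeholder log path; the web server user must be able to write to it.
const CSP_LOG = __DIR__ . '/csp-violations.log';
const MAX_BODY = 8192; // reports are small; cap what an unauthenticated client can make us read
// Fields kept from the report; everything else is dropped.
const CSP_FIELDS = ['document-uri', 'referrer', 'violated-directive',
                    'effective-directive', 'blocked-uri', 'original-policy'];

// Returns the cleaned report as an array, or null if this is not a usable CSP report.
function parse_csp_report(string $contentType, string $body): ?array
{
    // report-uri reports arrive as application/csp-report; application/json is tolerated here by choice.
    $type = strtolower(trim(explode(';', $contentType)[0]));
    if (!in_array($type, ['application/csp-report', 'application/json'], true)) {
        return null;
    }
    if ($body === '' || strlen($body) > MAX_BODY) {
        return null;
    }
    $data = json_decode($body, true);
    if (!is_array($data) || !isset($data['csp-report']) || !is_array($data['csp-report'])) {
        return null;
    }
    $clean = [];
    foreach (CSP_FIELDS as $field) {
        $value = $data['csp-report'][$field] ?? '';
        // Report contents are attacker-influenced: keep strings only and truncate them.
        $clean[$field] = is_string($value) ? substr($value, 0, 1024) : '';
    }
    return $clean;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample body, shaped like the report for the <img> in test.php.
    $sample = '{"csp-report":{"document-uri":"http://127.0.0.1/test.php",'
            . '"violated-directive":"default-src \'self\'",'
            . '"blocked-uri":"http://evil.example.com"}}';
    var_dump(parse_csp_report('application/csp-report', $sample));
} elseif (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // $_POST is empty for this content type; the JSON is in the raw request body.
    $body = file_get_contents('php://input', false, null, 0, MAX_BODY + 1);
    $report = parse_csp_report($_SERVER['CONTENT_TYPE'] ?? '', $body === false ? '' : $body);
    if ($report !== null) {
        // json_encode escapes newlines, so one report is always one log line.
        file_put_contents(CSP_LOG, date('c') . ' ' . json_encode($report) . "\n", FILE_APPEND | LOCK_EX);
    }
    http_response_code($report === null ? 400 : 204);
}
```

Running the file with the PHP CLI prints the parsed sample; served by the web server, it appends one JSON line per violation to the log.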