Is there any appetite for accepting a small patch to the Content Security Policy DSL to support the report-to directive?
There was previous discussion to replace report-uri, https://github.com/rails/rails/issues/33561. I agree with the reason for that issue's closure, CSP3 is still only in working draft status and it shouldn't replace report-uri yet. Is there opposition to a simple addition? https://github.com/alexcruice/rails/commit/cff67b42b4fa37899004afe88abf216adfab9ded It would be left to the user to understand the interaction between report-uri and report-to. The spec suggests you use both if you want to leverage the Reporting API, https://www.w3.org/TR/CSP3/#directive-report-uri. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-core/d60fdac0-44b0-4b4e-b45d-52e2c41ef28e%40googlegroups.com.
