I use report-uri.com/ for Content Security Policy (CSP) reports on my personal website.

Erroneous reports caused by browser extensions flood any usefulness of having reporting.

Examples:
• style-src-elem inline violation on URL that contains no inline CSS
• frame-ancestors violation on a URL that contains no iframes and cite source-file of "safari-web-extension://…"

Is there anything being done by browsers to fix this? Should I just give up on reporting?

/cc @jaffathecake @troyhunt

@troyhunt @jeremiahlee @jaffathecake

We have filters that should catch many of these, do you have the filters enabled?

@ScottHelme @troyhunt @jaffathecake Ah, I do not. Thanks for the tip.

But I do hope browsers do a better job *not* reporting user environment violations of CSP in the future.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml