I use https://report-uri.com/ for Content Security Policy (CSP) reports on my personal website.
Erroneous reports caused by browser extensions flood any usefulness of having reporting.
Examples:
• style-src-elem inline violation on a URL that contains no inline CSS
• frame-ancestors violation on a URL that contains no iframes and cites a source-file of "safari-web-extension://…"
Is there anything being done by browsers to fix this? Should I just give up on reporting?
@troyhunt @jeremiahlee @jaffathecake
We have filters that should catch many of these. Do you have the filters enabled?
@ScottHelme @troyhunt @jaffathecake Ah, I do not. Thanks for the tip.
But I do hope browsers do a better job *not* reporting user environment violations of CSP in the future.
@jeremiahlee @jaffathecake good question for @ScottHelme, but this is really a fault of the extension makers. More: https://www.troyhunt.com/add-ons-extensions-and-csp-violations-playing-nice-with-content-security-policies/