Report Sample Injector in Chrome with OffiDocs
DESCRIPTION
This addon edits incoming CSP header(s) to include the 'report-sample' value for the 'script-src', 'script-src-elem', 'script-src-attr', 'style-src', 'style-src-elem', and 'style-src-attr' directives, only if the specific directive is present and does not include 'report-sample', and the directive 'report-uri' is present with an endpoint specified.
This addon assumes that, if a developer specifies a report-uri endpoint within the CSP, they are interested in receiving violation reports.
However, without an explicit 'report-sample' value for certain directives, the reports might (the behaviour is browser-dependent at the moment) look indistinguishable for different kinds of violations (e.g., inline handlers vs. inline scripts vs. javascript URIs for script-src).
The keyword 'report-sample', when specified for certain CSP directives, makes compliant browsers include the first 40 characters of the code that caused the violation in the report that is POSTed to the report-uri endpoint.
By injecting 'report-sample' where it is missing, if report-uri is present, this addon aims to help developers understand which portion of the website code is responsible for the violation(s).
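The rewrite rule described above, as an added example that is not the extension's own code: a function that takes the text of a single policy and appends 'report-sample' only under the stated conditions. The names `parsePolicy` and `injectReportSample` and the sample policies used to exercise it are assumptions made for illustration.

```javascript
// Added example: rewrites one Content-Security-Policy value following the
// rules in the description. Function and constant names are hypothetical.
const SAMPLE_DIRECTIVES = new Set([
  "script-src", "script-src-elem", "script-src-attr",
  "style-src", "style-src-elem", "style-src-attr",
]);
const KEYWORD = "'report-sample'";

function parsePolicy(headerValue) {
  // A serialized policy is a ';'-separated list of "name value value ...".
  return headerValue
    .split(";")
    .map((part) => part.trim().split(/\s+/).filter(Boolean))
    .filter((tokens) => tokens.length > 0)
    .map(([name, ...values]) => ({ name: name.toLowerCase(), values }));
}

function injectReportSample(headerValue) {
  const directives = parsePolicy(headerValue);
  // Browsers honour only the first occurrence of a directive name,
  // so later duplicates are carried through untouched.
  const seen = new Set();
  const effective = directives.filter((d) => {
    if (seen.has(d.name)) return false;
    seen.add(d.name);
    return true;
  });

  // Precondition: report-uri is present and names at least one endpoint.
  const reportUri = effective.find((d) => d.name === "report-uri");
  if (!reportUri || reportUri.values.length === 0) return headerValue;

  let changed = false;
  for (const d of effective) {
    if (!SAMPLE_DIRECTIVES.has(d.name)) continue;
    // Keyword sources are matched case-insensitively.
    const hasKeyword = d.values.some((v) => v.toLowerCase() === KEYWORD);
    if (!hasKeyword) {
      d.values.push(KEYWORD);
      changed = true;
    }
  }
  if (!changed) return headerValue;
  return directives.map((d) => [d.name, ...d.values].join(" ")).join("; ");
}
```

A policy that needs no change is returned byte-for-byte, so the header is only touched when a directive actually gains the keyword.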
Additional Information:
- Offered by Emanuele Uliana
- Average rating: 0 stars (hated it)
Report Sample Injector web extension integrated with the OffiDocs Chromium online