Report Sample Injector in Chrome with OffiDocs

DESCRIPTION:

Run the Chrome online web store extension Report Sample Injector using OffiDocs Chromium online.

This addon edits incoming CSP header(s) to include the 'report-sample' value for the 'script-src', 'script-src-elem', 'script-src-attr', 'style-src', 'style-src-elem', and 'style-src-attr' directives, only if the specific directive is present and does not include 'report-sample', and the directive 'report-uri' is present with an endpoint specified.

This addon assumes that, if a developer specifies a report-uri endpoint within the CSP, they are interested in receiving violation reports.

However, without an explicit 'report-sample' value for certain directives, the reports might (the behaviour is browser-dependent at the moment) look indistinguishable for different kinds of violations (e.

g.

, inline handlers vs.

inline scripts vs.

javascript URIs for script-src).

The keyword 'report-sample', when specified for certain CSP directives, makes compliant browsers include the first 40 characters of the code that caused the violation in the report that is POSTed to the report-uri endpoint.

By injecting 'report-sample' where it is missing, if report-uri is present, this addon aims to help developers understand which portion of the website code is responsible for the violation(s).

Additional Information:

- Offered by Emanuele Uliana
- Average rating : 0 stars (hated it)
- Developer This email address is being protected from spambots. You need JavaScript enabled to view it.

Report Sample Injector web extension integrated with the OffiDocs Chromium online