X-Content-Security-Policy-Report-Only not working in Firefox 20 -


i have following content security policy defined:

x-content-security-policy-report-only: default-src 'self'; report-uri /foo

if change x-content-security-policy, policy gets enforced , report sent. however, when set report-only, no policy warnings appear in console , no report sent.

i'm aware of bug don't support unsafe-inline , unsafe-eval, rather have use options inline-script eval-script, i'm not using either on page.

i don't know if has it, header being sent x-content-security-policy-report-only, firebug translates x-content-security-policy-report-only - changing case.

also, when supplying both x-content-security-policy , x-content-security-policy-report-only follows:

x-content-security-policy: default-src 'self'; options inline-script; report-uri /csp-report.php x-content-security-policy-report-only: default-src 'self'; report-uri /csp-report.php

the console has warn level message:

report-only csp policy ignored because there other non-report-only csp policies applied.

so it's seeing header, , instead of processing , reporting enforcing other, it's dropping altogether?

uggh - i'd seen bug report before, didn't read , thought unsafe-inline or unsafe-eval problem. https://bugzilla.mozilla.org/show_bug.cgi?id=687086 talks inline script not firing policy because script allowed run. doing testing other things violate policy (such loading script elsewhere) report gets generated , sent.


Comments

Post a Comment

Popular posts from this blog

linux - xterm copying to CLIPBOARD using copy-selection causes automatic updating of CLIPBOARD upon mouse selection -

i've tried various ways coerce xterm (versions 285 , 292) copy selection clipboard clipboard whenever press ctrl-shift-c. promising way far has been, in ~/.xresources, put this: xterm*vt100.translations: #override \ ctrl shift <keypress> c: copy-selection(clipboard) \n\ ctrl shift <keypress> v: insert-selection(clipboard) ctrl-shift-v works perfectly, copying has nuance... if restart xterm, highlighting text puts things in primary clipboard; expected, proper, default behavior. if hit ctrl-shift-c, copies current selection clipboard clipboard. the bug, however, if highlight text after first time pressed ctrl-shift-c, you'll see highlighting copies both primary and clipboard. cannot figure out how stop xterm updating clipboard upon selection... , doesn't make sense me in first place. i said, @ specific point in time, copy selection clipboard... yet starts updating automatically upon selection after doing once... anyone have workaround...
Read more

c++ - qgraphicsview horizontal scrolling always has a vertical delta -

Image
i've subclassed qgraphicsview custom canvas used in cad application. i've reimplemented qgraphicsview::wheelevent check keyboard modifiers control key and, if control key pressed, zoom. i'm trying implement horizontal scroll when user holds shift , uses wheel. the problem i'm having horizontal scrolling always scrolls 0.279. not huge problem, hugely annoying , points else being wrong. so, here questions: is right way implement horizontal scrolling? if not, is? how eliminate delta of 0.279? thanks in advance. code , sample output below void myview::zoom(int delta) { double factor = pow(1.2, delta/abs(delta)); this->scale(factor, factor); } void myview::scrollhorizontal(int level) { qpointf center = maptoscene(viewport()->rect().center()); qdebug() << "center: " << center.x() << ", " << center.y(); centeron(qpointf(center.x() - level, center.y())); } void myview::wheelevent(qwheeleve...
Read more