Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue] 'Report-To' header is deprecated and no longer recommended #39288

Open
2 of 5 tasks
m2-assistant bot opened this issue Oct 22, 2024 · 3 comments · May be fixed by #39278
Open
2 of 5 tasks

[Issue] 'Report-To' header is deprecated and no longer recommended #39288

m2-assistant bot opened this issue Oct 22, 2024 · 3 comments · May be fixed by #39278
Assignees
@WaPoNe
Labels
Area: Framework Component: Csp Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Progress: PR in progress Reported on 2.4.x Indicates original Magento version for the Issue report. Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch

Comments

@m2-assistant
Copy link

m2-assistant bot commented Oct 22, 2024

This issue is automatically created based on existing pull request: #39278: 'Report-To' header is deprecated and no longer recommended

Description (*)

As reported in this document, 'Report-To' header is deprecated and no longer recommended to report CSP violations.
And, in any case, it is not possible to add "report-to " in the 'Content-Security-Policy-Report-Only' header.

Manual testing scenarios (*)

  1. Set CSP in "report-only"
  2. Compile 'Report URI' fields in Configuration > Security > Content Security Policy (CSP) page
  3. Navigate the website in a page that contains some CSP violations
  4. It must be a POST call to Report URI.

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • All automated tests passed successfully (all builds are green)
@m2-assistant m2-assistant bot linked a pull request Oct 22, 2024 that will close this issue
Open
6 tasks
@m2-community-project m2-community-project bot added Issue: ready for confirmation Priority: P2 A defect with this priority could have functionality issues which are not to expectations. labels Oct 22, 2024
@engcom-Bravo engcom-Bravo added the Reported on 2.4.x Indicates original Magento version for the Issue report. label Oct 22, 2024
@engcom-Hotel
Copy link
Contributor

Hello @WaPoNe,

Thanks for the report and collaboration!

We are confirming this issue after going through this documentation.

Thanks

@engcom-Hotel engcom-Hotel added Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch Component: Csp Area: Framework and removed Issue: ready for confirmation labels Oct 22, 2024
@github-jira-sync-bot
Copy link

✅ Jira issue https://jira.corp.adobe.com/browse/AC-13280 is successfully created for this GitHub issue.

@m2-assistant M2 Assistant
Copy link
Author

m2-assistant bot commented Oct 22, 2024

✅ Confirmed by @engcom-Hotel. Thank you for verifying the issue.
Issue Available: @engcom-Hotel, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@WaPoNe WaPoNe

Labels
Area: Framework Component: Csp Issue: Confirmed Gate 3 Passed. Manual verification of the issue completed. Issue is confirmed Priority: P2 A defect with this priority could have functionality issues which are not to expectations. Progress: PR in progress Reported on 2.4.x Indicates original Magento version for the Issue report. Reproduced on 2.4.x The issue has been reproduced on latest 2.4-develop branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

'Report-To' header is deprecated and no longer recommended WaPoNe/magento2
4 participants
@WaPoNe @engcom-Bravo @engcom-Hotel @github-jira-sync-bot