-
-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for Reporting API and NEL header #49
Comments
Hi @arxeiss, Thanks for suggestion. I will add NEL Header is still in Editor's Draft(https://w3c.github.io/network-error-logging/). I think we should at least wait for it become Working Draft. W3C Maturity Levels: https://www.w3.org/2019/Process-20190301/#maturity-levels |
NEL Header is already supported by Chrome on all platforms including Android, but I understand your opinion about adding it when it becomes working draft. |
You already support the
report-to
attribute at CSP. However, this attribute accepts key fromReport-To
header like shown in this site in examples: developer.mozilla.org.What do you think about adding the possibility to set the
Report-To
standalone header as well? It can report more issues with your site, see https://docs.report-uri.com/setup/reporting-api/.And maybe add NEL Header too? This is not really security header but can help with debugging bad HTTPS certificate etc https://report-uri.com/products/network_error_logging
What do you think about those headers? At least Report-To header could be useful, otherwise, the
report-to
attribute at CSP is useless.The text was updated successfully, but these errors were encountered: