Cannot use report-uri in http-equiv

mittalyashu · April 19, 2019, 7:45pm

In my electron application, I am getting this error

I tried fixing it by adding a header to index.ejs file

<head>
	<meta http-equiv="Content-Security-Policy"
		content="default-src 'none'; report-uri https://sentry.io/api/1422446/security/?sentry_key=c3fb5f4c94aa4921a71b5fb887e1cfac">
</head>

But even after I am getting an error

Content Security Policies delivered via a <meta> element may not contain the `report-uri` directive.

c0nrad · November 4, 2021, 4:26pm

The report-uri directive is not supported when delivering CSP through a meta tag. See relevant section in the csp spec.

To use the report-uri directive you will need to send the policy through an HTTP header.

Good luck,
Stuart
csper.io, csp made easy

Topic	Replies	Views
Reporting CSP violations (+ from chrome extension)	1489	March 27, 2019
NEL Integration SDKs	801	July 12, 2020
Ideal usage of Content-Security-Policy (CSP)	1933	June 9, 2017
CSP report headers truncated	580	December 1, 2021
CSP discrepancies SDKs	1256	May 29, 2020

Cannot use report-uri in http-equiv

Related Topics