NoScript blocks CSP report-uri

pege
Posts: 2
Joined: Thu Jul 28, 2016 9:34 pm

NoScript blocks CSP report-uri

Post by pege »

NoScript appears to block POST requests to report Content-Security-Policy violations. With scripts globally activated, reporting works as expected.

Output from the web console:
Content Security Policy: Tried to send report to invalid URI: “https://csp-reports.tocco.ch/e"
Content Security Policy: The page’s settings blocked the loading of a resource at https://domain.invalid/script.js (“script-src https://master.tocco.ch 'unsafe-inline' 'unsafe-eval'”).

I set up a page for testing: https://master.tocco.ch/noscript-test

Tested with:
NoScript: 2.9.5.2rc5 and 2.9.5.2
Firefox: 50, 52a2, 53a1 and Tor Browser 6.5a5
Mozilla/5.0 (X11; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript blocks CSP report-uri

Post by barbaz »

That's by design - viewtopic.php?f=10&t=20142

Moving to NoScript Support.
*Always* check the changelogs BEFORE updating that important software!
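
To check whether violation reports reach a `report-uri` endpoint with and without NoScript active, a small local collector can log each report it receives. This is an added example, not code from the thread or from NoScript; the listening address, the size cap and the sample body are assumptions constructed for illustration.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

MAX_BODY = 16 * 1024  # assumed cap; violation reports are small
FIELDS = ("document-uri", "blocked-uri", "violated-directive")

# Constructed sample body, built from the policy and URLs quoted in the post.
SAMPLE = json.dumps({"csp-report": {
    "document-uri": "https://master.tocco.ch/noscript-test",
    "blocked-uri": "https://domain.invalid/script.js",
    "violated-directive": "script-src https://master.tocco.ch 'unsafe-inline' 'unsafe-eval'",
}}).encode()

def parse_csp_report(content_type, body):
    """Return the report's key fields as a dict, or None if it is malformed."""
    if content_type.split(";")[0].strip().lower() != "application/csp-report":
        return None
    try:
        report = json.loads(body.decode("utf-8"))["csp-report"]
    except (ValueError, KeyError, TypeError):
        return None
    if not isinstance(report, dict):
        return None
    # Reports come from unauthenticated clients: keep known fields, bound length.
    return {f: str(report.get(f, ""))[:2048] for f in FIELDS}

class ReportHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            length = -1
        if not 0 < length <= MAX_BODY:
            self.send_error(400)
            return
        report = parse_csp_report(self.headers.get("Content-Type", ""),
                                  self.rfile.read(length))
        if report is None:
            self.send_error(400)
            return
        # json.dumps escapes control characters, so a report cannot forge log lines.
        print(json.dumps(report), flush=True)
        self.send_response(204)
        self.end_headers()

if __name__ == "__main__":
    # Hypothetical local endpoint: point a test policy's report-uri here.
    HTTPServer(("127.0.0.1", 8080), ReportHandler).serve_forever()
```

If the collector logs a line with scripts globally allowed but stays silent with NoScript filtering active, the report is being dropped in the browser rather than rejected by the endpoint.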