NoScript appears to block post requests to report Content-Security-Policy violations. With scripts globally activated, reporting works as expected.
Output from the web console:
Content Security Policy: Tried to send report to invalid URI: “https://csp-reports.tocco.ch/e"
Content Security Policy: The page’s settings blocked the loading of a resource at https://domain.invalid/script.js (“script-src https://master.tocco.ch 'unsafe-inline' 'unsafe-eval'”).
I set up a page for testing: https://master.tocco.ch/noscript-test
Tested with:
NoScript: 2.9.5.2rc5 and 2.9.5.2
Firefox: 50, 52a2, 53a1 and Tor Browser 6.5a5
NoScript blocks CSP report-uri
NoScript blocks CSP report-uri
Mozilla/5.0 (X11; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Re: NoScript blocks CSP report-uri
*Always* check the changelogs BEFORE updating that important software!
-