DEV: Only include "report-sample" CSP directive when reporting is enabled (#9337)

2025-06-02 14:35:17 +08:00 · 2020-04-02 11:16:38 -04:00
parent ef7753953d
commit 724d2e99de
4 changed files with 10 additions and 5 deletions
--- a/spec/requests/csp_reports_controller_spec.rb
+++ b/spec/requests/csp_reports_controller_spec.rb
@ -29,7 +29,7 @@ describe CspReportsController do
          "line-number": 25,
          "source-file": "http://localhost:3000/",
          "status-code": 200,
-          "script-sample": ""
+          "script-sample": "console.log('unsafe')"
        }
      }.to_json, headers: { "Content-Type": "application/csp-report" }
    end
@ -52,7 +52,7 @@ describe CspReportsController do

    it 'logs the violation report' do
      send_report
-      expect(Rails.logger.warnings).to include("CSP Violation: 'http://suspicio.us/assets.js'")
+      expect(Rails.logger.warnings).to include("CSP Violation: 'http://suspicio.us/assets.js' \n\nconsole.log('unsafe')")
    end
  end
 end