Allows CSP without a report-uri
What does this MR do?
It allows us to configure the site to have a CSP without the report-uri part.
This is because we have found that the CSP reports cause 87% of our Sentry quota and are of very little value (a lot of weird/random domains).
Previously, removing CSP_REPORT_URI from the settings would cause it to stop sending the CSP header entirely. Now, it will still send the CSP header, just without the report-uri part.
How confident are you it won't break things if deployed?
Should all be good! We have CSP_REPORT_URI set for beta/prod, so should be no change on deployment.
Links to related issues
Checklist
- added a test, or explain why one is not needed/possible... erm... sorry I was lazy...
- no unrelated changes
- asked someone for a code review
- joined #foodsharing-beta channel at https://slackin.yunity.org
- added an entry to CHANGELOG.md (description, merge request link, username(s))
- Once your MR has been merged, you are responsible to update the #foodsharing-beta Slack channel about what has been changed here. They will test your work in different browsers, roles or other settings.
Edited by Chris Oelmueller
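
The behaviour change described in this MR, as an added example that is not the project's own code: the enforcing header is built from the policy alone, and report-uri is appended only when a report endpoint is configured. The names `build_csp_headers`, `_clean_report_uri` and `POLICY` are hypothetical, the policy is constructed sample data, and the validation of the configured URI is an extra step this example assumes, not something the MR states.

```python
from urllib.parse import urlsplit

# Constructed sample policy, not the project's real one.
POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'", "'unsafe-inline'"],
    "img-src": ["'self'", "data:", "https:"],
}


def _clean_report_uri(value):
    """Return a usable report URI, or None when the setting is absent or blank."""
    if value is None or not value.strip():
        return None
    uri = value.strip()
    parts = urlsplit(uri)
    # ';' starts a new directive and ',' a new policy, so a setting containing
    # either (or whitespace) could alter the policy instead of naming an endpoint.
    if any(c in ";," or c.isspace() for c in uri) or parts.scheme not in ("https", ""):
        raise ValueError(f"unsafe CSP report URI: {uri!r}")
    return uri


def build_csp_headers(policy, report_uri=None, legacy=False):
    """Return the CSP response headers for the given policy.

    legacy=True reproduces the old behaviour described in the MR:
    no report URI configured means no CSP header at all.
    """
    uri = _clean_report_uri(report_uri)
    if uri is None and legacy:
        return {}
    directives = [f"{name} {' '.join(sources)}" for name, sources in policy.items()]
    if uri is not None:
        directives.append(f"report-uri {uri}")
    return {"Content-Security-Policy": "; ".join(directives)}


if __name__ == "__main__":
    print("old, unset:", build_csp_headers(POLICY, None, legacy=True))
    print("new, unset:", build_csp_headers(POLICY, None))
    print("new, set:  ", build_csp_headers(POLICY, "https://reports.example/csp"))
```
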