Daily Archives: Nisan 10, 2024

Why is a domain specified in a CSP default-src being reported as a script-src-elem violation?

I have a Content-Security-Policy-Report-Only: header of:
default-src ‘report-sample’ ‘self’ *.googleapis.com; object-src ‘none’; report-uri https://example.com/csp_logger;

but violations are being reported to my csp_logger endpoint, speci…