Just enabled this module, and set it in CSP report only mode. It's giving me a few PHP notices.
Some extra checks to see if the $report array contains "request" and "request-headers" would be good.
Notice: Undefined index: request i _seckit_csp_report() (rad 181 av sites/all/modules/seckit/seckit.module).
Notice: Undefined index: request-headers i _seckit_csp_report() (rad 182 av sites/all/modules/seckit/seckit.module).
Comment | File | Size | Author |
---|---|---|---|
#8 | seckit-report_keys-1909846-8.patch | 923 bytes | jweowu |
#6 | seckit-report_keys-1909846-6.patch | 993 bytes | jweowu |
#4 | seckit-report_keys-1909846-4.patch | 1.09 KB | jweowu |
Comments
Comment #1
p0deje commented:
Thanks for the report!
Can you provide me with the following details:
Comment #2
p0deje commented
Comment #3
p0deje commented:
Closing due to no info within half a year
Comment #4
jweowu commented:
I can reproduce this, and what's more I see a variety of different keys in the JSON depending on the report in question.
I'm attaching a patch which only assumes the presence of 'violated-directive' and 'blocked-uri', and then simply shows the remainder of the data as an array.
This both resolves the notices, and also logs the data that I wouldn't otherwise have seen.
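A defensive way to handle the varying report keys described in comment #4, as an added example that is not part of the thread or SecKit's own code. The function name, the "(not set)" fallback and the sample report bodies are constructed for illustration, and PHP 7.1 or later is assumed.

```php
<?php
// Added example, not SecKit's code. Names and fallback text are hypothetical.

/**
 * Turn a raw CSP report POST body into a log-ready summary without
 * assuming any key other than the top-level "csp-report" object.
 */
function example_csp_report_summary(string $body): ?array {
  $decoded = json_decode($body, TRUE);
  // Reject non-JSON bodies and JSON without a "csp-report" object.
  if (!is_array($decoded) || !isset($decoded['csp-report']) || !is_array($decoded['csp-report'])) {
    return NULL;
  }
  $report = $decoded['csp-report'];

  // Read the two headline fields defensively; browsers differ in what they send.
  $field = function (string $key) use ($report): string {
    return isset($report[$key]) && is_scalar($report[$key]) ? (string) $report[$key] : '(not set)';
  };

  return [
    'violated-directive' => $field('violated-directive'),
    'blocked-uri' => $field('blocked-uri'),
    // Keep the full report so keys the handler does not know about are still logged.
    'data' => print_r($report, TRUE),
  ];
}

// Constructed sample bodies: with "request" keys, without them, and malformed.
$samples = [
  '{"csp-report":{"request":"GET / HTTP/1.1","request-headers":"Host: example.test","violated-directive":"img-src \'self\'","blocked-uri":"http://cdn.example.test/a.png"}}',
  '{"csp-report":{"document-uri":"http://example.test/","violated-directive":"script-src \'self\'","blocked-uri":"inline"}}',
  'not json',
];

foreach ($samples as $body) {
  $summary = example_csp_report_summary($body);
  if ($summary === NULL) {
    echo "ignored: malformed report\n";
    continue;
  }
  // Report content is client-supplied; escape it before it reaches an HTML log view.
  printf("%s blocked %s\n%s\n",
    htmlspecialchars($summary['violated-directive'], ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($summary['blocked-uri'], ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($summary['data'], ENT_QUOTES, 'UTF-8'));
}
```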
Comment #5
jweowu commented
Comment #6
jweowu commented:
A slight tweak to the output, and removing some code which was there to remove 'violated-directive' and 'blocked-uri' from the data array (as despite the duplication, I'd concluded it was preferable to display the full array).
Comment #7
p0deje commented:
Thanks for the patch, applied and released as 1.7
Comment #8
jweowu commented:
Thanks. It looks like you applied #4 instead of #6, so here are the changes from #6.
Comment #10
jweowu commented:
Fixes from #8 committed in dd5a02b8f92f9b03159315824e0766f91a99217f