Undefined index in _seckit_csp_report() [#1909846]

Just enabled this module, and set it in CSP report only mode. It's giving me a few PHP notices.

Some extra checks to see if the $report array contains "request" and "request-headers" would be good.

Notice: Undefined index: request i _seckit_csp_report() (rad 181 av sites/all/modules/seckit/seckit.module).
Notice: Undefined index: request-headers i _seckit_csp_report() (rad 182 av sites/all/modules/seckit/seckit.module).

Comment	File	Size	Author
#8	seckit-report_keys-1909846-8.patch	923 bytes	jweowu
#8
#6	seckit-report_keys-1909846-6.patch	993 bytes	jweowu
#6
#4	seckit-report_keys-1909846-4.patch	1.09 KB	jweowu
#4

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Comment #1

p0deje CreditAttribution: p0deje commented 6 February 2013 at 17:42

Assigned:

Unassigned

» p0deje

Thanks for the report!

Can you provide me with the following details:

Browser and its version
Dump of the $reports
Logs from JS console (CSP should report both to report-uri and to console

Comment #2

p0deje CreditAttribution: p0deje commented 28 July 2013 at 10:38

Status:

Active

» Closed (cannot reproduce)

Comment #3

p0deje CreditAttribution: p0deje commented 28 July 2013 at 10:38

Closing due to know info within half a year

Comment #4

jweowu CreditAttribution: jweowu commented 18 September 2013 at 00:53

Status:

Closed (cannot reproduce)

» Needs review

File	Size
seckit-report_keys-1909846-4.patch	1.09 KB

I can reproduce this, and what's more I see a variety of different keys in the JSON depending on the report in question.

I'm attaching a patch which only assumes the presence of 'violated-directive' and 'blocked-uri', and then simply shows the remainder of the data as an array.

This both resolves the notices, and also logs the data that I wouldn't otherwise have seen.

Comment #5

jweowu CreditAttribution: jweowu commented 18 September 2013 at 00:54

Version:

7.x-1.5

» 7.x-1.6

Comment #6

jweowu CreditAttribution: jweowu commented 18 September 2013 at 01:13

File	Size
seckit-report_keys-1909846-6.patch	993 bytes

A slight tweak to the output, and removing some code which was there to remove 'violated-directive' and 'blocked-uri' from the data array (as despite the duplication, I'd concluded it was preferable to display the full array).