Folks using CSP violation reports: are you doing strict MIME-type checking? Would the suggestion in https://github.com/whatwg/fetch/pull/621 … that we add `+json` to the MIME type break you? (/cc @Scott_Helme)
-
-
Replying to @mikewest @Scott_Helme
Google's main CSP collector infrastructure currently checks that the C-T is one of ('application/csp-report', 'application/json', 'application/report'). But we can fix it and given that missing some CSP reports isn't a big deal, I'm not too worried about breakage.
1 reply 0 retweets 4 likes
IOW the people who really care about CSP reports will make the change, and those who don't will likely not be broken in an important way.
8:35 AM - 13 Nov 2017
0 replies
0 retweets
6 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.