When triggering default-src, report type of violation

When I receive a CSP report that was triggered by a default-src violation
Then I would like to receive data indicating what type of violation

When applying a policy, I copy default-src into any directive that doesn't
have a value so when I receive the report, I know what type of violation
occurred. With inline/eval, this isn't an issue because it's obviously
script and script-src is usually defined anyhow :)

Without this, I cannot tell whether it was a frame-src, font-src,
connect-src, etc. violation because all I see is default-src in the
violated directive field.


Received on Tuesday, 15 January 2013 02:14:26 UTC