
my fork of honk

don't report csp violations by default
Ted Unangst tedu@tedunangst.com
Fri, 04 Aug 2023 13:06:24 -0400
commit

8bc4e0cfa1c5bd0a834fb1edc0b4a16c17cf4da9

parent

4627a7cb216839a224d5b55b9f18031dbbb12599

1 files changed, 8 insertions(+), 1 deletions(-)

M web.goweb.go

@@ -2560,6 +2560,9 @@ }

}
func fiveoh(w http.ResponseWriter, r *http.Request) {
+ if !develMode {
+ return
+ }
fd, err := os.OpenFile("violations.json", os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666)
if err != nil {
elog.Printf("error opening violations! %s", err)
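Review bot: The new guard at the top of fiveoh returns without writing a status, so outside devel mode a report POST is answered with an empty 200 and a disabled endpoint looks the same as a successful one. Answering explicitly inside the `if !develMode` branch, for example `http.NotFound(w, r)` before the `return`, would make stale clients and stray requests visible in access logs. A one-line comment such as `// CSP reports are only collected in devel mode` would record why the guard exists. The rest of fiveoh lies outside the hunk, so whether the report body is size-limited before it is appended to violations.json cannot be confirmed from here.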

@@ -2606,7 +2609,11 @@ }

func addcspheaders(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
- w.Header().Set("Content-Security-Policy", "default-src 'none'; script-src 'self'; connect-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'; report-uri /csp-violation")
+ policy := "default-src 'none'; script-src 'self'; connect-src 'self'; style-src 'self'; img-src 'self'; media-src 'self'"
+ if develMode {
+ policy += "; report-uri /csp-violation"
+ }
+ w.Header().Set("Content-Security-Policy", policy)
next.ServeHTTP(w, r)
})
}
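Review bot: The `policy` literal in addcspheaders relies on `default-src 'none'`, but `base-uri`, `form-action` and `frame-ancestors` do not fall back to default-src, so they stay unrestricted under the new value just as under the old one. If the application needs neither framing nor cross-origin form posts (not visible in this hunk), the literal could end with `; base-uri 'none'; form-action 'self'; frame-ancestors 'none'`. Separately, develMode is presumably fixed at startup, so `policy` could be built once before `return http.HandlerFunc(...)` instead of on every request. With report-uri dropped outside devel mode, production violations are no longer observable by the operator, and a comment above `if develMode {` saying this is intentional would help.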