This addon edits the csp header(s) to include a missing 'report-sample' for certain directives if a report-uri endpoint is included..
This addon edits incoming csp header(s) to include the 'report-sample' value for the 'script-src', 'script-src-elem', 'script-src-attr', 'style-src', 'style-src-elem', and 'style-src-attr' directives, only if the specific directive is present and does not include 'report-sample', and the directive 'report-uri' is present with an endpoint specified.
This addon assumes that, if a developer specifies a report-uri endpoint within the CSP, they are interested in receiving violation reports. However, without an explicit 'report-sample' value for certain directives, the reports might (the behaviour is browser-dependent at the moment) look indistinguishable for different kinds of violations (e.g., inline handlers vs. inline scripts vs. javascript URIs for script-src).
The keyword 'report-sample', when specified for certain csp directives, makes compliant browsers include the first 40 characters of the code that caused the violation in the report that is POSTed to the report-uri endpoint.
By injecting 'report-sample' where it is missing, if report-uri is present, this addon aims to help developers understand which portion of the website code is responsible for the violation(s).
You can Follow the below Step By Step procedure to install the Report-Sample-Injector Chrome Extension to your Chrome Web browser.
It is the Report-Sample-Injector Chrome extension download link you can download and install Chrome Browser.
Tags: Script Src , Csp Directives , Certain Csp Directives , Different Kinds , Report Sample , Addon Edits , Directive Report Uri , Report Uri Endpoint , Inline Handlers , Report Uri , Csp Header , Developer Specifies , Script Src Script Src , Certain Directives , Include Report Sample , Addon Assumes , Violation Reports ,
A suite of famous mathematical libraries for JavaScript!
Helps to inject JavaScript and CSS from local files
Add a custom useragent string for desired URLs or domains.
Disable window.eval() in all websites and improve your online security!
A injector extension for Chrome users.
The Specless Ad Injector allows publishers to preview high-impact ad formats directly on their site
Easily inject javascript libraries from the console
An extension to inject the WebRTCAcd Prototype code on any page
This extension injects any JS library from CDNJS.com into a page.
Provides Do Not Track (DNT) request HEADER injector to opt in or out of universal tracking for ALL browser requests.