Patrick
December 22, 2020, 12:48pm
Related to:
singularity:
Why does this happen?
CSP violations reporting because of Content-Security-Policy header. I was setting up Expect-CT, Network_Error_Logging (NEL) and report-to security headers.
I see. Reporting to a third party is bad. Open Source self-hosting doesn’t exist (and may in part not be possible, reporting potential TLS issues to the source) (yet?). (Will look into self-hosting but might be too much effort.) Therefore disabled just now.
Related:
Trusting the Whonix™ Website
Currently using:
expect-ct: max-age=604800, report-uri=“Report URI: Welcome to report-uri.com ”
enforce Optional
Signals to the user agent that compliance with the Certificate Transparency policy should be enforced (rather than only reporting compliance) and that the user agent should refuse future connections that violate its Certificate Transparency policy.
When both the enforce directive and the report-uri directive are present, the configuration is referred to as an “enforce-and-r…
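An added example, not part of the original post or of the site's own configuration: a small Python check that parses an Expect-CT header value and reports whether `enforce` is set and whether reports would go to a host outside the site's own domain, the concern raised above. The function names, header values and host names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# One directive: name, optionally "=" and a quoted or bare value, then "," or end.
_DIRECTIVE = re.compile(r'\s*([A-Za-z0-9-]+)\s*(?:=\s*("[^"]*"|[^,]*))?\s*(?:,|$)')

def parse_expect_ct(value):
    """Parse an Expect-CT header value into {directive: value or True}."""
    directives = {}
    for m in _DIRECTIVE.finditer(value):
        name = m.group(1).lower()
        raw = m.group(2)
        if name in directives:
            raise ValueError("duplicate directive: " + name)
        # Valueless directives (such as enforce) are stored as True.
        directives[name] = True if raw is None else raw.strip().strip('"')
    max_age = directives.get("max-age")
    if not isinstance(max_age, str) or not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError("max-age is required and must be a non-negative integer")
    directives["max-age"] = int(max_age)
    return directives

def assess(value, site_host):
    """Summarise an Expect-CT policy and flag reporting to another domain."""
    d = parse_expect_ct(value)
    uri = d.get("report-uri")
    host = urlsplit(uri).hostname if isinstance(uri, str) else None
    site = site_host.lower()
    same_site = host is not None and (host == site or host.endswith("." + site))
    return {
        "max_age": d["max-age"],
        "enforce": "enforce" in d,
        "reports": host is not None,
        "report_host": host,
        "third_party": host is not None and not same_site,
    }

if __name__ == "__main__":
    # Constructed sample values; example.org stands in for the site being checked.
    samples = [
        'max-age=604800, report-uri="https://collector.example.net/r/ct"',
        'max-age=86400, enforce, report-uri="https://reports.example.org/ct"',
        'max-age=86400, enforce',
    ]
    for s in samples:
        print(s, "->", assess(s, "example.org"))
```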