Output CSP-reports.
[gigi.git] / src / org / cacert / gigi / Gigi.java
index b6aa90ebd5386b26f3742d41e7090a10829a297b..22364cb0834a442dbf45e60ff9f21abd4ec59c23 100644 (file)
@@ -149,10 +149,14 @@ public class Gigi extends HttpServlet {
                hsr.addHeader("Access-Control-Allow-Origin",
                                "http://cacert.org https://localhost");
                hsr.addHeader("Access-Control-Max-Age", "60");
-               hsr.addHeader("Content-Security-Policy", "default-src 'self' https://"
+               hsr.addHeader("Content-Security-Policy", "default-src 'self' "//
+                               + "https://"
                                + ServerConstants.getStaticHostNamePort()
-                               + ";frame-ancestors 'none'");
-               // ;report-uri https://felix.dogcraft.de/report.php
+                               + ";"
+                               + "frame-ancestors 'none';"//
+                               + "report-uri https://"
+                               + ServerConstants.getApiHostNamePort()
+                               + "/security/csp/report");
 
        }
 }
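Review bot: The `report-uri` directive added at the end of the Content-Security-Policy value makes `/security/csp/report` on the API host an endpoint that any client can POST to, and the fields of a report (such as `blocked-uri` and `document-uri`) are chosen by whoever triggers or forges it. The handler is not part of this hunk, so it is worth confirming that it caps the request body size, is rate-limited, and strips CR/LF and other control characters before a report is written out; the commit title suggests reports end up in a log. A comment above the header would record that contract: `// CSP reports are unauthenticated, attacker-influenced input; the handler must bound and sanitise them`. The enclosing method starts above the hunk. Separately, the unchanged `Access-Control-Allow-Origin` line sends two space-separated origins in one value, which browsers do not treat as a match for either origin.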