uiwebview - WebViewProgressProxy violates Content Security Policy (CSP) rules -
we started using content security policy (csp) on our website , noticed many users violates csp rules through webviewprogressproxy urls. in such cases receive following report csp:
{"csp-report":{ "document-uri":"http://example.com/en/booking/b2", "referrer":"http://example.com/en/booking/b1/nnn", "violated-directive":"default-src 'self'", "original-policy":"default-src 'self'; font-src data: 'self'; img-src 'self' www.google-analytics.com data: s3.amazonaws.com; script-src 'self' www.google-analytics.com; report-uri /cspreport", "blocked-uri":"webviewprogressproxy://", "source-file":"http://example.com/en/booking/b2", "line-number":1 }} user-agent: mozilla/5.0 (iphone; cpu iphone os 8_1_2 mac os x) applewebkit/600.1.4 (khtml, gecko) mobile/12b440 [fban/messengerforios;fbav/28.1.0.50.260;fbbv/10708012;fbdv/iphone7,2;fbmd/iphone;fbsn/iphone os;fbsv/8.1.2;fbss/2; fbcr/giffgaff;fbid/phone;fblc/en_us;fbop/5] as can see, there url webviewprogressproxy protocol. however, don't use protocol , when @ user-agent, seems facebook application on ios causes error, i'm not sure this.
do know causes kind of error , how can avoid this?
Comments
Post a Comment