id: 2102
summary: Content security policy violations should not be reported to the server
reporter: Nicklas Nordborg
owner: everyone
type: enhancement
status: closed
priority: minor
milestone: BASE 3.11.2
component: web
version:
resolution: fixed
keywords:
cc:

description:

I have noticed that during the last weeks, the server logs are full of "Content security policy" violation reports. The strange thing is that they all have `"blocked-uri":"self"`, even though the policy is set to `default-src 'self'`. Investigations indicate that it might be !AdBlock that is causing this. Browsers without !AdBlock installed don't cause any log messages. It doesn't help to disable !AdBlock on the BASE site. Checking the DOM, there are indeed scripts and event handlers that have been injected by !AdBlock. I don't know why this suddenly appears as "Content Security Policy" violations. It could be a new version of !AdBlock or the browser. In any case, I think there is no need to log this on the server side and that it should be disabled by default. If the server admin still wants logging, it can be enabled by including 'report-uri xxxx' in the CSP directive (configured in web.xml).
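
For an admin who re-enables `report-uri`, the following added example (not part of the ticket or of the BASE code base) sorts incoming report bodies so that the extension-injected noise described above can be counted instead of logged line by line. It assumes the legacy `csp-report` JSON body that browsers POST to a `report-uri` endpoint; the class labels, the keyword set and the sample bodies are constructed for illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Assumption: values seen in "blocked-uri" when the blocked item is inline or
# injected code rather than a fetched URL ("self" is the value in this ticket).
KEYWORD_BLOCKED = {"self", "inline", "eval", ""}
EXTENSION_SCHEMES = {"chrome-extension", "moz-extension", "safari-extension"}


def classify(raw_body):
    """Classify one POSTed report body; the labels are hypothetical names."""
    # The report endpoint takes unauthenticated input, so parse defensively.
    try:
        report = json.loads(raw_body)["csp-report"]
        blocked = report.get("blocked-uri", "")
        source = report.get("source-file", "")
        if not isinstance(blocked, str) or not isinstance(source, str):
            return "malformed"
        scheme = urlsplit(source).scheme
    except (ValueError, KeyError, TypeError, AttributeError):
        return "malformed"
    if scheme in EXTENSION_SCHEMES or blocked in KEYWORD_BLOCKED:
        return "injected-or-inline"
    return "external"


def summarize(bodies):
    """Count reports per class so only the 'external' ones need a log line."""
    return Counter(classify(body) for body in bodies)


# Constructed sample bodies, not taken from a real server log.
SAMPLE_BODIES = [json.dumps({"csp-report": r}) for r in (
    {"violated-directive": "default-src 'self'", "blocked-uri": "self"},
    {"violated-directive": "default-src 'self'", "blocked-uri": "self"},
    {"violated-directive": "default-src 'self'",
     "blocked-uri": "https://cdn.example/lib.js"},
    {"violated-directive": "default-src 'self'",
     "blocked-uri": "https://cdn.example/ad.js",
     "source-file": "moz-extension://constructed-id/content.js"},
)] + ["not json at all"]

if __name__ == "__main__":
    for label, count in sorted(summarize(SAMPLE_BODIES).items()):
        print(f"{label}: {count}")
```

Reports classed as `external` name a real URL outside the policy and are the ones that still merit a server log entry.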