report-uri always returns 404 #169

Open
infomaniac50 opened this issue Jan 26, 2018 · 5 comments

@infomaniac50

I can't seem to get the report-uri feature to work. I have made a demo for this issue: https://github.com/infomaniac50/nelmio-404. If you need anything else, let me know.

These tools are installed globally:

  • Composer
  • GNU Make (Not a hard requirement but it makes life easier)
  • Yarn - Used with Symfony Encore dev-server (https://yarnpkg.com/)
  • docker (Only required if you need the User entity)
  • docker-compose (Only required if you need the User entity)

To set up the clone:

```
cp www/.env.dist www/.env
make
bin/dev-server.sh
```

Browse http://127.0.0.1:8000 and observe the debug console.

Chrome says something like:

```
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' * 'unsafe-inline' 'nonce-a30f973b26b60d57fb5392d734ac710b'". Note that 'unsafe-inline' is ignored if either a hash or nonce value is present in the source list.
POST http://localhost:8000/nelmio/csp/report 404 (Not Found)
```

The first line is for this demo and the second line I don't know.
@sstok

sstok commented Feb 18, 2018

The routes are not defined in your application. Add this to config/routes.yaml:

```
nelmio_security:
    path:     /nelmio/csp/report
    defaults: { _controller: nelmio_security.csp_reporter_controller:indexAction }
    methods:  [POST]
```

I guess the Symfony Flex Recipe should be updated 🤔 but I am not sure as this feature is optional.
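
An added example, not part of the thread or of the bundle's code: a small Python check that reads a policy's `report-uri` directive and POSTs a constructed violation report to each endpoint, so a missing route like the one above shows up as a 404 before browser reports are lost. The function names and the sample policy are assumptions made for this illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request


def report_uris(csp_header):
    """Return the URIs listed in the policy's report-uri directive."""
    for directive in csp_header.split(";"):
        tokens = directive.split()
        # Directive names are case-insensitive; the first occurrence wins.
        if tokens and tokens[0].lower() == "report-uri":
            return tokens[1:]
    return []


def probe_report_endpoints(page_url, csp_header, timeout=5):
    """POST a constructed violation report to each report-uri.

    Returns {absolute_url: HTTP status}. A 404 means the route is not
    registered and reports sent by browsers are being dropped.
    """
    # Constructed sample report in the "csp-report" JSON shape browsers send.
    body = json.dumps({"csp-report": {
        "document-uri": page_url,
        "violated-directive": "script-src",
        "blocked-uri": "inline",
    }}).encode()
    results = {}
    for uri in report_uris(csp_header):
        target = urllib.parse.urljoin(page_url, uri)  # report-uri may be relative
        request = urllib.request.Request(
            target, data=body, method="POST",
            headers={"Content-Type": "application/csp-report"})
        try:
            with urllib.request.urlopen(request, timeout=timeout) as response:
                results[target] = response.status
        except urllib.error.HTTPError as error:
            results[target] = error.code  # 4xx/5xx arrive as exceptions
    return results


if __name__ == "__main__":
    # Constructed policy modelled on the one in the issue (nonce shortened).
    policy = "script-src 'self' 'nonce-abc'; report-uri /nelmio/csp/report"
    for url, status in probe_report_endpoints("http://127.0.0.1:8000/", policy).items():
        print(status, url)
```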

@infomaniac50
Author

I probably tried adding the route at some point and must have forgotten to clear the cache.

@infomaniac50
Author

infomaniac50 commented Feb 20, 2018

> I guess the Symfony Flex Recipe should be updated 🤔 but I am not sure as this feature is optional.

I prefer to keep the console as clean as possible. If the default setup throws errors without it, the route should probably be in the recipe. Library consumers can restore their configs from git if they don't like it.

Also once it gets configured by Symfony it won't run again unless the package is removed or something happens to vendor/ and symfony.lock.

@sstok

sstok commented Feb 20, 2018

👍 for updating the Symfony Flex recipe. https://github.com/symfony/recipes/tree/master/nelmio/security-bundle

@ls-philippe-gamache

This should be in an optional bundle.
