Undefined index: column-number #68

Open
boionfire81-zz opened this issue Dec 1, 2018 · 8 comments
Comments

@boionfire81-zz

Using Chrome. None of the attempts seem to be making it beyond this error.

@boionfire81-zz
Author

Header set Report-To: {"group":"default","max_age":31536000,"endpoints":[{"url":"https://domain.com/report-to"}],"include_subdomains":true}
Header set Content-Security-Policy: "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; frame-src 'none'; font-src 'self'; connect-src 'none'; report-uri https://domain.com/report-to"
Header set X-Content-Security-Policy: "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; frame-src 'none'; font-src 'self'; connect-src 'none'; report-uri https://domain.com/report-to"
Header set X-WebKit-CSP: "default-src 'self'; script-src 'self'; object-src 'none'; style-src 'self'; img-src 'self'; media-src 'self'; frame-src 'none'; font-src 'self'; connect-src 'none'; report-uri https://domain.com/report-to"

@Zenexer

Zenexer commented Dec 9, 2018

That's a JavaScript error, not an error with your CSP/Report-To configuration. One of your scripts is broken.

@boionfire81-zz
Author

Why would it leave just one undefined variable of the column-number?

@Zenexer

Zenexer commented Dec 9, 2018

Huh? I'm not really sure what you're asking. JavaScript code is attempting to do something along the lines of someVariable['column-number'], where someVariable doesn't contain the key 'column-number'. In reality, 'column-number' is probably stored in another variable, so it might be difficult to locate. Use your browser's JavaScript debugging and inspector tool to locate the issue.

Regardless of the issue, this is unrelated to CSP. You're probably receiving reports of it as a result of Report-To; without Report-To, you might just never receive them. That doesn't mean the error isn't there; you're just not being notified of it.

Unless you're encountering this with the PHP parsing scripts? If so, you'd have to specify which one. There are a lot of utilities and info files in this repo; there's no way for anyone else to know which one you're using.

@boionfire81-zz
Author

No, that is the problem. I get an error log for every page visit that column-name is not defined in report-to. My only js inside the member area so far is jquery.

@boionfire81-zz
Author

column-number is a value passed via the visitor & server & report-to. But the value I'm guessing is not being picked up properly within report-to. PHP is 7.2. Running Unix/Godaddy

@Zenexer

Zenexer commented Dec 11, 2018

It's hard to understand what you're saying; you're not providing a lot of information to go on, and some of what you're saying doesn't make sense at all. (Just as a blatant example, your server definitely isn't "running Unix/Godaddy"--I get what you mean here--it's running Linux, not Unix, and is hosted with GoDaddy--but in other cases I'm having a hard time deciphering your message, such as in the case of "passed via the visitor & server & report-to".)

I'm assuming you're getting the error on line 64 of csp-parser-with-database.php, as that's the only place it could make sense if you're certain it's within the PHP. The code in that file is very bad for numerous reasons; I wouldn't recommend using it. I was about to suggest using csp-parser-with-database-pdo.php instead, but that has its own issues. None of these seems to be production-grade code; if you plan to use this on a real website, use it only as a reference and write your own code. If you really must use one of those two files, use the PDO version, as the mysqli one doesn't use prepared statements and doesn't check for nonexistent array keys.

To be clear, those two files look like they were whipped up quickly just to test CSP report parsing. They're definitely not meant to be used long-term on a production website.
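
An added example, not code from this repository or from any commenter: a CSP report handler that tolerates missing keys such as `column-number` and stores the report through a PDO prepared statement, the two gaps named in the comment above. The `csp_reports` table, its column names, the function names and the sample report are hypothetical, and the `pdo_sqlite` extension is assumed so the block runs without a MySQL server.

```php
<?php
declare(strict_types=1);
// Fields of the legacy report-uri body that this sketch stores. Browsers may
// omit any of them, for example the position fields when no script is involved.
const CSP_TEXT_FIELDS = ['document-uri', 'violated-directive', 'blocked-uri', 'source-file'];
const CSP_INT_FIELDS  = ['line-number', 'column-number'];

/** Returns a normalised row, or null if the body is not a CSP report. */
function parseCspReport(string $body): ?array
{
    $json = json_decode($body, true);
    if (!is_array($json) || !isset($json['csp-report']) || !is_array($json['csp-report'])) {
        return null;
    }
    $report = $json['csp-report'];
    $row = [];
    foreach (CSP_TEXT_FIELDS as $key) {
        // ?? avoids "Undefined index"; any client can post a report, so cap the length.
        $value = $report[$key] ?? null;
        $row[$key] = is_string($value) ? substr($value, 0, 2048) : null;
    }
    foreach (CSP_INT_FIELDS as $key) {
        $value = $report[$key] ?? null;
        $row[$key] = is_int($value) ? $value : null;
    }
    return $row;
}

function storeCspReport(PDO $db, array $row): void
{
    // Placeholders keep report contents out of the SQL text.
    $stmt = $db->prepare(
        'INSERT INTO csp_reports (document_uri, violated_directive, blocked_uri, source_file, line_number, column_number)
         VALUES (?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute(array_values($row));
}

// Constructed sample report with no line-number, column-number or source-file.
$body = '{"csp-report":{"document-uri":"https://example.test/","violated-directive":"img-src","blocked-uri":"https://cdn.example.test/a.png"}}';
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE csp_reports (document_uri TEXT, violated_directive TEXT, blocked_uri TEXT, source_file TEXT, line_number INTEGER, column_number INTEGER)');
$row = parseCspReport($body);
if ($row !== null) {
    storeCspReport($db, $row);
}
var_dump($db->query('SELECT * FROM csp_reports')->fetch(PDO::FETCH_ASSOC));
```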

@nico3333fr
Owner

@Zenexer how would you update these files?
