<feed xmlns='http://www.w3.org/2005/Atom'>
<title>cccms/app/controllers/csp_reports_controller.rb, branch master</title>
<subtitle>[no description]</subtitle>
<id>https://erdgeist.org/gitweb/cccms/atom?h=master</id>
<link rel='self' href='https://erdgeist.org/gitweb/cccms/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/'/>
<updated>2026-07-18T14:30:31Z</updated>
<entry>
<title>Emit a report-only Content-Security-Policy with nonced inline scripts</title>
<updated>2026-07-18T14:30:31Z</updated>
<author>
<name>erdgeist</name>
<email>erdgeist@erdgeist.org</email>
</author>
<published>2026-07-18T14:30:31Z</published>
<link rel='alternate' type='text/html' href='https://erdgeist.org/gitweb/cccms/commit/?id=0c6783816e0a7a8acad922296d3eb8cc454fb981'/>
<id>urn:sha1:0c6783816e0a7a8acad922296d3eb8cc454fb981</id>
<content type='text'>
- dark-mode restore now travels nonced, the admin constants likewise
- AUTH_TOKEN deleted in favour of the csrf meta tag
- new report collector at /csp_reports
</content>
</entry>
</feed>
