Report-Sample-Injector
大小:8.03KiB版本:v 1.2更新时间:2021-12-21
This addon edits the CSP header(s) to include a missing 'report-sample' for certain directives if a report-uri endpoint is included.
Report-Sample-Injector 的使用方法详解,最全面的教程
Report-Sample-Injector 描述:
用户数:1
分类:开发者工具插件
扩展大小:8.03 KiB
最后更新时间:2021-12-21
版本:v 1.2
Report-Sample-Injector 插件简介:
这是来自Chrome商店的 Report-Sample-Injector 浏览器插件,您可以在当前页面下载它的最新版本安装文件,并安装在Chrome、Edge等浏览器上。
Report-Sample-Injector插件下载方法/流程:
点击下载按钮,关注“扩展迷Extfans”公众号并获取验证码,在网页弹窗中输入验证码,即可下载最新安装文件。
Report-Sample-Injector插件安装教程/方法:
(1)将扩展迷上下载的安装包文件(.zip)解压为文件夹,其中类型为“crx”的文件就是接下来需要用到的安装文件
(2) 从设置->更多工具->扩展程序 打开扩展程序页面,或者地址栏输入 Chrome://extensions/ 按下回车打开扩展程序页面
(3) 打开扩展程序页面的“开发者模式”
(4) 将crx文件拖拽到扩展程序页面,
完成安装如有其它安装问题,
请扫描网站底部二维码与客服联系如有疑问请参考:
https://www.extfans.com/installation/This addon edits incoming CSP header(s) to include the 'report-sample' value for the 'script-src', 'script-src-elem', 'script-src-attr', 'style-src', 'style-src-elem', and 'style-src-attr' directives, only if the specific directive is present and does not include 'report-sample', and the directive 'report-uri' is present with an endpoint specified.
This addon assumes that, if a developer specifies a report-uri endpoint within the CSP, they are interested in receiving violation reports. However, without an explicit 'report-sample' value for certain directives, the reports might (the behaviour is browser-dependent at the moment) look indistinguishable for different kinds of violations (e.g., inline handlers vs. inline scripts vs. javascript URIs for script-src).
The keyword 'report-sample', when specified for certain CSP directives, makes compliant browsers include the first 40 characters of the code that caused the violation in the report that is POSTed to the report-uri endpoint.
By injecting 'report-sample' where it is missing, if report-uri is present, this addon aims to help developers understand which portion of the website code is responsible for the violation(s).