Think we can use exceptionless to collect these?
https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers
https://bugs.webkit.org/show_bug.cgi?id=100892
The report is JSON and is generated using the same facility as for the X-WebKit-CSP-Report-Only header. A sample might be:
{ "xss-report": {
"request-url": "http://example.com/vulnerable-page?q=<script>alert(/xss/)</script>",
"request-body": ""
}}
could be useful for other report endpoints that are specified in headers
public key pinning (https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning)
Content Security Policy
Content Security Policy
@srijken you want to add them to the events?
My justification is that I am waiting for the library to be more popular before I worry about them too much.
works for me
gets things out quicker
I guess if we were following semver then we would still be like 0.4.1
instead of 4.0
didn’t know this until the other day, but apparently if you are under 1.0 then all breaking change rules are off.
it really isn’t that hard to do from our end, but does feel like they should support it
yeah, they are using that in VSCode already
@ejsmith exceptionless/Exceptionless.Net#91
have you followed the troubleshooting guide in the self hosting wiki?
Please make sure you have .net 4.6.1 instaleld and you are using the elasticsearch.yml file
What are your settings in the app.config.js and web.config
Relating to rewrite rules
Here's my web.config: https://gist.github.com/Mitch528/eee2569f1d456b68136cf8cc442f7c17 and app.config.js https://gist.github.com/Mitch528/d215cb6a6cdee4f5662715c46dccdcae
I'll try reinstalling rewrite and do updates
This message was deleted
hmm that’s seems odd. let me know if installing the rewrite plugin fixes it
if you have any objections let me know :)