From issues-return-34454-apmail-struts-issues-archive=struts.apache.org@struts.apache.org  Wed Aug 19 20:07:25 2020
Return-Path: <issues-return-34454-apmail-struts-issues-archive=struts.apache.org@struts.apache.org>
X-Original-To: apmail-struts-issues-archive@locus.apache.org
Delivered-To: apmail-struts-issues-archive@locus.apache.org
Received: from mailroute1-lw-us.apache.org (mailroute1-lw-us.apache.org [207.244.88.153])
	by minotaur.apache.org (Postfix) with ESMTP id 7A17419A62
	for <apmail-struts-issues-archive@locus.apache.org>; Wed, 19 Aug 2020 20:07:25 +0000 (UTC)
Received: from mail.apache.org (localhost [127.0.0.1])
	by mailroute1-lw-us.apache.org (ASF Mail Server at mailroute1-lw-us.apache.org) with SMTP id 1B4A212592B
	for <apmail-struts-issues-archive@locus.apache.org>; Wed, 19 Aug 2020 20:07:25 +0000 (UTC)
Received: (qmail 73339 invoked by uid 500); 19 Aug 2020 20:07:24 -0000
Delivered-To: apmail-struts-issues-archive@struts.apache.org
Received: (qmail 73317 invoked by uid 500); 19 Aug 2020 20:07:24 -0000
Mailing-List: contact issues-help@struts.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@struts.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@struts.apache.org>
List-Post: <mailto:issues@struts.apache.org>
List-Id: <issues.struts.apache.org>
Reply-To: dev@struts.apache.org
Delivered-To: mailing list issues@struts.apache.org
Received: (qmail 73257 invoked by uid 99); 19 Aug 2020 20:07:24 -0000
Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Aug 2020 20:07:24 +0000
From: =?utf-8?q?GitBox?= <git@apache.org>
To: issues@struts.apache.org
Subject: =?utf-8?q?=5BGitHub=5D_=5Bstruts=5D_aleksandr-m_commented_on_a_change_in_pul?=
 =?utf-8?q?l_request_=23430=3A_WW-5084=3A_Add_Content_Security_Policy_suppor?=
 =?utf-8?q?t_to_Struts?=
Message-ID: <159786764450.32230.1104661171253546765.asfpy@gitbox.apache.org>
Date: Wed, 19 Aug 2020 20:07:24 -0000
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
In-Reply-To: <struts.430.MDExOlB1bGxSZXF1ZXN0NDU3ODMyOTY4.gitbox@gitbox.apache.org>
References: <struts.430.MDExOlB1bGxSZXF1ZXN0NDU3ODMyOTY4.gitbox@gitbox.apache.org>


aleksandr-m commented on a change in pull request #430:
URL: https://github.com/apache/struts/pull/430#discussion_r473288542



##########
File path: core/src/main/resources/struts-default.xml
##########
@@ -377,6 +378,10 @@
                 <interceptor-ref name="alias"/>
                 <interceptor-ref name="servletConfig"/>
                 <interceptor-ref name="i18n"/>
+                <interceptor-ref name="cspInterceptor">
+                    <param name="enforcingMode">false</param>
+                    <param name="reportUri">/csp-reports</param>

Review comment:
       This is the default stack, meaning that report uri will be set for all applications using it. If there is no `/csp-reports` action then what will happen? 404?
   
   Also (slim chances but still) what if application already has action with that exact name, but for some other stuff?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org