task(content): Make csp-report.blocked-uri validation check less strict

Because: - We were generating a lot of error on this validation check - This value is only used in a report, so the uri requirement is mandatory This Commit: - Removes the requirement that the string posted is a valid URL
mozilla · May 26, 2023 · 7bbc4da · 7bbc4da
1 parent e306d68
commit 7bbc4da
Showing 1 changed file with 1 addition and 8 deletions.
diff --git a/packages/fxa-content-server/server/lib/routes/post-csp.js b/packages/fxa-content-server/server/lib/routes/post-csp.js
@@ -26,14 +26,7 @@ const BODY_SCHEMA = {
     .keys({
       // CSP 2, 3 required
       // `eval` and `inline` are specified in CSP 3 and sent by Chrome
-      'blocked-uri': LONG_URI_TYPE.allow('')
-        .allow('asset')
-        .allow('blob')
-        .allow('data')
-        .allow('eval')
-        .allow('inline')
-        .allow('self')
-        .optional(),
+      'blocked-uri': STRING_TYPE.optional(),
       // CSP 2, 3 optional
       'column-number': INTEGER_TYPE.min(0).optional(),
       // CSP 3 required, but not always sent