From 7bbc4daf2eb32c40baa294b1d308a0f64b46ebd8 Mon Sep 17 00:00:00 2001
From: dschom
Date: Fri, 26 May 2023 09:26:36 -0700
Subject: [PATCH] task(content): Make csp-report.blocked-uri validation check less strict
Because:
- We were generating a lot of error on this validation check
- This value is only used in a report, so the uri requirement is mandatory
This Commit:
- Removes the requirement that the string posted is a valid URL
---
 .../fxa-content-server/server/lib/routes/post-csp.js | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/packages/fxa-content-server/server/lib/routes/post-csp.js b/packages/fxa-content-server/server/lib/routes/post-csp.js
index 0b162eb3ff1..7fc88ff3447 100644
--- a/packages/fxa-content-server/server/lib/routes/post-csp.js
+++ b/packages/fxa-content-server/server/lib/routes/post-csp.js
@@ -26,14 +26,7 @@ const BODY_SCHEMA = {
 .keys({
 // CSP 2, 3 required
 // `eval` and `inline` are specified in CSP 3 and sent by Chrome
- 'blocked-uri': LONG_URI_TYPE.allow('')
- .allow('asset')
- .allow('blob')
- .allow('data')
- .allow('eval')
- .allow('inline')
- .allow('self')
- .optional(),
+ 'blocked-uri': STRING_TYPE.optional(),
 // CSP 2, 3 optional
 'column-number': INTEGER_TYPE.min(0).optional(),
 // CSP 3 required, but not always sent
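Review bot: `STRING_TYPE.optional()` drops the explicit `.allow('')` that the old `blocked-uri` rule carried, and if `STRING_TYPE` is a plain Joi-style string schema (its definition is outside this hunk) an empty value would now be rejected, so reports with an empty `blocked-uri` could keep producing the validation errors this commit is meant to quiet; `'blocked-uri': STRING_TYPE.allow('').optional(),` would keep that case. CSP reports are posted by browsers on behalf of any page visitor, so the field is now an arbitrary sender-controlled string: confirm that `STRING_TYPE` still caps its length, and that whatever logs or forwards the report treats the value as opaque text, with no newline or control characters reaching log lines. The comment above about `eval` and `inline` no longer describes anything the rule checks and could become `// CSP 2, 3 required; free-form string, not validated as a URL`. `BODY_SCHEMA` starts before and continues after this hunk.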