From ffd4d44ecb2387e215411f278a2c6bc07499995d Mon Sep 17 00:00:00 2001
From: Ry0taK <49341894+Ry0taK@users.noreply.github.com>
Date: Sat, 11 Feb 2023 12:37:39 +0000
Subject: [PATCH] =?UTF-8?q?Content-Security-Policy-Report-Only=E3=82=92?=
 =?UTF-8?q?=E4=BD=BF=E7=94=A8=E3=81=99=E3=82=8B=E3=82=88=E3=81=86=E3=81=AB?=
 =?UTF-8?q?=E5=A4=89=E6=9B=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/backend/src/server/web/ClientServerService.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index 7f1a43792..a83137f74 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
@@ -178,8 +178,8 @@ export class ClientServerService {
 			const csp = this.config.contentSecurityPolicy
 				?? 'script-src \'self\' \'unsafe-eval\' ' +
 				'https://challenges.cloudflare.com https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.recaptcha.net/recaptcha/; ' +
-				'base-uri \'self\'; object-src \'self\';';
-			reply.header('Content-Security-Policy', csp);
+				'base-uri \'self\'; object-src \'self\'; report-uri /csp-error';
+			reply.header('Content-Security-Policy-Report-Only', csp);
 			done();
 		});