Security defenses: allow setting Reporting-Endpoints response header for usage e.g. in CSP

### Description

Keycloak should support setting the [Reporting-Endpoints response header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Reporting-Endpoints).

Content Security Policy supports reporting of violations (see [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#enabling_reporting)).


### Discussion

_No response_

### Motivation

The Reporting-Endpoints response header can be used e.g. for Content Security Policy violation reports (see [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP#enabling_reporting)).

### Details

Setting the complete reporting endpoint url in the CSP `report-to` directive did not work (at least in Chrome) althoug some examples on MDN are using them.
As a workaround we are setting the Reporting-Endpoints response header in our application gateway, but it would be much simpler to configure CSP and Reporting-Endpoints in one place.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security defenses: allow setting Reporting-Endpoints response header for usage e.g. in CSP #32078

Description

Discussion

Motivation

Details

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security defenses: allow setting Reporting-Endpoints response header for usage e.g. in CSP #32078

Description

Description

Discussion

Motivation

Details

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions