From c321e246d843e05c803c874d18e6529b315c747b Mon Sep 17 00:00:00 2001
From: Mic <mic@secureideas.com>
Date: Tue, 12 May 2020 22:16:14 -0400
Subject: [PATCH] Add CSP report-uri to demo reporting

---
 client.csp.demo/app.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/client.csp.demo/app.js b/client.csp.demo/app.js
index 8172e64..8b7e69a 100644
--- a/client.csp.demo/app.js
+++ b/client.csp.demo/app.js
@@ -26,6 +26,7 @@ global.cspDirectives = { 'default-src': `'self'`, 'use-default-src': 'on' }
 const globalCsp = (req, res, next) => {
   if(global.csp.trim().length > 0) {
     res.set('Content-Security-Policy', global.csp.replace(/\$nonce/g, res.nonce))
+    res.set('Content-Security-Policy-Report-Only', 'report-uri /csp-report; ' + global.csp.replace(/\$nonce/g, res.nonce))
   }
   next()
 }