Return 400 on invalid CSP reports

author Filippo Giunchedi <fgiunchedi@wikimedia.org>

Fri, 26 May 2017 10:19:56 +0000 (12:19 +0200)

committer Filippo Giunchedi <fgiunchedi@wikimedia.org>

Fri, 26 May 2017 12:59:45 +0000 (14:59 +0200)
author Filippo Giunchedi <fgiunchedi@wikimedia.org>
Fri, 26 May 2017 10:19:56 +0000 (12:19 +0200)
committer Filippo Giunchedi <fgiunchedi@wikimedia.org>
Fri, 26 May 2017 12:59:45 +0000 (14:59 +0200)
diff --git a/includes/api/ApiCSPReport.php b/includes/api/ApiCSPReport.php

index 4139019..3a78c13 100644 (file)
--- a/includes/api/ApiCSPReport.php
+++ b/includes/api/ApiCSPReport.php
@@ -186,9 +186,9 @@ class ApiCSPReport extends ApiBase {
                         'method' => $method,
                         'user-agent' => $this->getRequest()->getHeader( 'user-agent' )
                 ] );
-               // 500 so it shows up in browser's developer console.
+               // Return 400 on error for user agents to display, e.g. to the console.
                 $this->dieWithError(
-                       [ 'apierror-csp-report', wfEscapeWikiText( $code ) ], 'cspreport-' . $code, [], 500
+                       [ 'apierror-csp-report', wfEscapeWikiText( $code ) ], 'cspreport-' . $code, [], 400
                 );
         }
author	Filippo Giunchedi <fgiunchedi@wikimedia.org>
	Fri, 26 May 2017 10:19:56 +0000 (12:19 +0200)
committer	Filippo Giunchedi <fgiunchedi@wikimedia.org>
	Fri, 26 May 2017 12:59:45 +0000 (14:59 +0200)