I had trouble with Content-Security-Policy reporting on a password protected staging environment in combination with Firefox. I found a nice solution and blogged about it:
https://www.koehnlein.eu/en/blog/2024/csp-reporting-basic-auth/
Bypass basic authentication for Content-Security-Policy reporting requests
This modification in your server configuration disables the basic authentication for Content-Security-Policy reports to also allow Firefox browser to submit them in a basic auth protected environment.www.koehnlein.eu
This entry was edited (2 weeks ago)
Daniel Siepmann likes this.
reshared this
Daniel Siepmann
in reply to Albrecht Köhnlein 🚀 • •Thanks for sharing :) I guess Firefox added a layer of security. It no longer passes basic auth in URLs.
It would ask you whether it was expected in order to be confirmed by a user. But that doesn't we to work for those inner requests.
Just as an possible explanation why your, and mine, favourite browser doesn't "support" that.