From c32160105417b23e1a8507394f3f10b8c5101c6e Mon Sep 17 00:00:00 2001
From: labkey-tchad <tchad@labkey.com>
Date: Mon, 29 Jan 2024 10:38:23 -0800
Subject: [PATCH] Add ${CSP.REPORT.PARAMS} to sample CSP report-uri directives

---
 server/configs/application.properties | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/configs/application.properties b/server/configs/application.properties
index 8fa5323bb1..af47734833 100644
--- a/server/configs/application.properties
+++ b/server/configs/application.properties
@@ -91,7 +91,7 @@ spring.main.banner-mode=off
 #    base-uri 'self' ;\
 #    upgrade-insecure-requests ;\
 #    frame-ancestors 'self' ;\
-#    report-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api ;
+#    report-uri https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
 
 # example usage 2 - less strict but enforces directives, (NOTE: unsafe-inline is still required for many modules)
 
@@ -106,7 +106,7 @@ spring.main.banner-mode=off
 #    base-uri 'self' ;\
 #    upgrade-insecure-requests ;\
 #    frame-ancestors 'self' ;\
-#    report-uri  https://www.labkey.org/admin-contentsecuritypolicyreport.api ;
+#    report-uri  https://www.labkey.org/admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
 
 # Default CSP for TeamCity and dev deployments
 #setupTask#csp.report=\
@@ -119,7 +119,7 @@ spring.main.banner-mode=off
 #setupTask#    script-src 'unsafe-eval' 'strict-dynamic' 'nonce-${REQUEST.SCRIPT.NONCE}' ;\
 #setupTask#    base-uri 'self' ;\
 #setupTask#    frame-ancestors 'self' ;\
-#setupTask#    report-uri /admin-contentsecuritypolicyreport.api ;
+#setupTask#    report-uri /admin-contentsecuritypolicyreport.api?${CSP.REPORT.PARAMS} ;
 
 # Use a non-temp directory for tomcat
 #setupTask#server.tomcat.basedir=@@pathToServer@@/build/deploy/embedded