Adding support for report-to directive to Content Security Policy DSL


Alex Cruice

Aug 18, 2019, 6:41:26 AM
to Ruby on Rails: Core
Is there any appetite for accepting a small patch to the Content Security Policy DSL to support the report-to directive?

There was a previous discussion about replacing report-uri: https://github.com/rails/rails/issues/33561. I agree with the reason for that issue's closure: CSP3 is still only in working draft status and it shouldn't replace report-uri yet. Is there opposition to a simple addition?


It would be left to the user to understand the interaction between report-uri and report-to. The spec suggests you use both if you want to leverage the Reporting API, https://www.w3.org/TR/CSP3/#directive-report-uri.
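The header pair that the "use both" advice above produces, as an added example that is not part of the original message and not Rails code. The helper name `csp_reporting_headers`, the group name, the endpoint URL and the HTTPS and group-name checks are assumptions made for illustration.

```ruby
require "json"
require "uri"

# Hypothetical helper (not part of Rails): builds the response headers for a
# policy that reports through both report-uri and report-to.
def csp_reporting_headers(directives, endpoint:, group: "csp-endpoint", max_age: 86_400)
  uri = URI.parse(endpoint)
  # Assumption for this example: reports go to an HTTPS collector only.
  raise ArgumentError, "endpoint must be https" unless uri.is_a?(URI::HTTPS)
  # report-to takes a group name, not a URL. This pattern is a deliberately
  # conservative subset of what a token may contain.
  raise ArgumentError, "invalid group name" unless group.match?(/\A[A-Za-z0-9_-]+\z/)

  parts = directives.map { |name, sources| "#{name} #{Array(sources).join(' ')}" }
  parts << "report-uri #{endpoint}" # used by browsers without report-to support
  parts << "report-to #{group}"     # must match a group declared in Report-To

  {
    "Content-Security-Policy" => parts.join("; "),
    # The Report-To header maps the group name to its delivery endpoint(s).
    "Report-To" => JSON.generate(
      group: group, max_age: max_age, endpoints: [{ url: endpoint }]
    )
  }
end

# Constructed sample policy and endpoint.
SAMPLE_HEADERS = csp_reporting_headers(
  { "default-src" => "'self'", "script-src" => ["'self'", "https://cdn.example.com"] },
  endpoint: "https://reports.example.com/csp"
)

SAMPLE_HEADERS.each { |name, value| puts "#{name}: #{value}" } if __FILE__ == $PROGRAM_NAME
```

A browser that implements report-to uses the named group and ignores report-uri, so pointing both at the same collector avoids duplicate or missing reports across browsers.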