CODEWITHSUNDEEP
content-security-policy
Jezen Thomas
Jezen Thomas

Reputation: 13800

What does status 200 mean in a CSP report?

I have the following CSP report:

"csp-report": {
  "effective-directive": "script-src",
  "referrer": "",
  "status-code": 200,
  "original-policy": "img-src 'self' data: https://redacted-development.s3.amazonaws.com https://s3.eu-west-2.amazonaws.com https://app.appzi.io https://cdn.ywxi.net https://randomuser.me;object-src 'none';form-action 'self';frame-ancestors 'none';base-uri 'self';report-uri /report-csp;script-src 'strict-dynamic' 'unsafe-inline' 'nonce-M2EyZTVhMzItNDY5My00YTI5LWE3MzEtM2NjMjdjMjc0ZmQ0' 'nonce-M2JiODg4NWQtODJjNy00MTZjLTkyYzMtZjY1MDIyMDQwYzgw' 'nonce-M2Y3MDQ1YWUtNThiZi00MWI3LTg1NzQtYjg2NDAxMmE1YjZl' 'nonce-MjMyMjUxZGUtZTQ1MS00OGZlLTk2NGYtZGM0NzQwZDBlOGQx' 'nonce-Mjg2M2U1ZTgtZmYyNS00YzllLWI1ZDItODY1NWUxNjIxMzQx' 'nonce-MmMyMmQyNWYtNWU4OC00NjRhLWEzNDYtYjc1NDg4ZTMzOGUy' 'nonce-MzZjZTE4MGItMWQyZi00YzRhLWFhMmQtMjlhMjg1ZTQzZDdl' 'nonce-NDExZTg5MjYtODQ1ZC00ZTE5LThjYmEtYmU3NmY5ZDg2MjI0' 'nonce-NDhiNmU5YjktYzEyYS00NjFjLWJmMWItNzU0MzI2NTlkOGNh' 'nonce-NWI2Yzg1YzktN2JkZC00OGY5LWFhODktZTFhN2MxZTUxNTNj' 'nonce-NzFjNTUzN2YtMWQ3MC00ODY5LWJhYmUtOGYxYjBiZjc0Y2Yx' 'nonce-NzgzNjI3ZDctNWU0ZC00ZWI0LThiN2UtODk5NWFhODNjY2Zj' 'nonce-OTUwNzMyM2EtZmExMS00NjA1LThjNGMtZjQzYTFiZTM4NmQx' 'nonce-OWIxZDNlZGMtZWQxZS00ZjRlLTg4OWYtY2RkOTdiYzFmMDFh' 'nonce-Y2ExZDg4OWEtM2ExOS00NzE0LTk2NjEtZWYzNmQyNzkxZDE2' 'nonce-ZDRkNDc2ZmYtMDQ4Yi00MDY4LWFjOWQtMTZkMmMzYmFhNWQw' 'nonce-ZTU4ZTIxNGItNmZiYy00ODM4LTljZDQtMzhhY2RkZTMxMWE2' 'nonce-ZmYyMzg3ZjgtNjY0Zi00ZDEyLWE0NTMtYWNhMzYzNGE2YmI2'",
  "document-uri": "https://redacted.com/",
  "violated-directive": "script-src 'strict-dynamic' 'unsafe-inline' 'nonce-M2EyZTVhMzItNDY5My00YTI5LWE3MzEtM2NjMjdjMjc0ZmQ0' 'nonce-M2JiODg4NWQtODJjNy00MTZjLTkyYzMtZjY1MDIyMDQwYzgw' 'nonce-M2Y3MDQ1YWUtNThiZi00MWI3LTg1NzQtYjg2NDAxMmE1YjZl' 'nonce-MjMyMjUxZGUtZTQ1MS00OGZlLTk2NGYtZGM0NzQwZDBlOGQx' 'nonce-Mjg2M2U1ZTgtZmYyNS00YzllLWI1ZDItODY1NWUxNjIxMzQx' 'nonce-MmMyMmQyNWYtNWU4OC00NjRhLWEzNDYtYjc1NDg4ZTMzOGUy' 'nonce-MzZjZTE4MGItMWQyZi00YzRhLWFhMmQtMjlhMjg1ZTQzZDdl' 'nonce-NDExZTg5MjYtODQ1ZC00ZTE5LThjYmEtYmU3NmY5ZDg2MjI0' 'nonce-NDhiNmU5YjktYzEyYS00NjFjLWJmMWItNzU0MzI2NTlkOGNh' 'nonce-NWI2Yzg1YzktN2JkZC00OGY5LWFhODktZTFhN2MxZTUxNTNj' 'nonce-NzFjNTUzN2YtMWQ3MC00ODY5LWJhYmUtOGYxYjBiZjc0Y2Yx' 'nonce-NzgzNjI3ZDctNWU0ZC00ZWI0LThiN2UtODk5NWFhODNjY2Zj' 'nonce-OTUwNzMyM2EtZmExMS00NjA1LThjNGMtZjQzYTFiZTM4NmQx' 'nonce-OWIxZDNlZGMtZWQxZS00ZjRlLTg4OWYtY2RkOTdiYzFmMDFh' 'nonce-Y2ExZDg4OWEtM2ExOS00NzE0LTk2NjEtZWYzNmQyNzkxZDE2' 'nonce-ZDRkNDc2ZmYtMDQ4Yi00MDY4LWFjOWQtMTZkMmMzYmFhNWQw' 'nonce-ZTU4ZTIxNGItNmZiYy00ODM4LTljZDQtMzhhY2RkZTMxMWE2' 'nonce-ZmYyMzg3ZjgtNjY0Zi00ZDEyLWE0NTMtYWNhMzYzNGE2YmI2'",
  "blocked-uri": "https://redacted.com/static/js/browser.polyfill.min.js?etag=dp1dNqwV"
    }

The user agent for this report is

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763

This parses as Edge 18.0 on Windows 10.

It is not clear to me what a status code of 200 means in the context of a CSP report, and this seems not to occur on other browsers.

n.b. The real web address has been redacted.

Upvotes: 0

Views: 464

Answers (2)

mgrattan
mgrattan

Reputation: 11

It seems to me that this only occurs in IE, I don't see this code 200 in either Chrome or Safari.

(I was debugging my CSP using the Report-Uri website. They showed these phenomena only with IE.)

Upvotes: 1

Fantaxico
Fantaxico

Reputation: 98

"status-code" is the HTTP status code of the resource on which the object was instantiated. In your case the status code 200 is output because the request was executed correctly and without errors.

Upvotes: 1

Related Questions