From: Filippo Giunchedi Date: Fri, 26 May 2017 10:19:56 +0000 (+0200) Subject: Return 400 on invalid CSP reports X-Git-Tag: 1.31.0-rc.0~3109^2 X-Git-Url: http://git.cyclocoop.org/data/%24oldEdit?a=commitdiff_plain;h=ba614300bca5d3fc51e809a1d1b76dc26fa0ec89;p=lhc%2Fweb%2Fwiklou.git Return 400 on invalid CSP reports Not really a server error since there's nothing we can do about invalid user-provided data. Bug: T166229 Change-Id: I87a7be32ae7e80c112be556bc13db19f11e614ca
---
diff --git a/includes/api/ApiCSPReport.php b/includes/api/ApiCSPReport.php
index 4139019ccf..3a78c1350c 100644
--- a/includes/api/ApiCSPReport.php
+++ b/includes/api/ApiCSPReport.php
@@ -186,9 +186,9 @@ class ApiCSPReport extends ApiBase {
 'method' => $method,
 'user-agent' => $this->getRequest()->getHeader( 'user-agent' )
 ] );
- // 500 so it shows up in browser's developer console.
+ // Return 400 on error for user agents to display, e.g. to the console.
 $this->dieWithError(
- [ 'apierror-csp-report', wfEscapeWikiText( $code ) ], 'cspreport-' . $code, [], 500
+ [ 'apierror-csp-report', wfEscapeWikiText( $code ) ], 'cspreport-' . $code, [], 400
 );
 }
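Review bot: The new comment above `$this->dieWithError(` records what is returned but not why, and the reason is the part a later maintainer needs: the report body is client-supplied, so a malformed one is a client error rather than a server failure. I would word it as `// 400, not 5xx: the report is client-supplied, so a bad one is not a server fault; browsers still surface it in the console.` With the status out of the 5xx range, any alerting keyed on server errors will presumably stop seeing these, which leaves the log entry written just above as the remaining signal of malformed-report volume. That entry carries the client's `user-agent` header, so whatever reads or renders the log should treat the value as untrusted. The enclosing method begins outside this hunk, so how `$code` is derived is not visible here.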