Remove report URI from default CSP interceptor configuration. By default, CSP will be in reporting mode with no report directive.
diff --git a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
index f70b0c6..2501796 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
@@ -62,7 +62,7 @@
settings.setReportUri(reportUri);
}
- private static Optional<URI> buildUri(String reportUri) {
+ private Optional<URI> buildUri(String reportUri) {
try {
return Optional.of(URI.create(reportUri));
} catch (IllegalArgumentException ignored) {
diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml
index aba21ed..a22cd1f 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -380,7 +380,6 @@
<interceptor-ref name="i18n"/>
<interceptor-ref name="cspInterceptor">
<param name="enforcingMode">false</param>
- <param name="reportUri">/csp-reports</param>
</interceptor-ref>
<interceptor-ref name="prepare"/>
<interceptor-ref name="chain"/>