report-uri is encoded in to unuseable string
Firesphere opened this issue · comments
The report-uri is encoded when the header is compiled, and then escaped, causing https://example.com
to be encoded as https%3A//example.com
The browser then interprets this as "https://www.mydomain.com/https%3A//example.com", which... maybe obviously, doesn't work very well.
#61 fixes this. We haven't tagged a release yet.
Hi @paragonie-security , I left a comment on the pull request earlier. I still get the behaviour after the merged fix: #62 (comment), even with the addition of the URL parameter. A downgrade to 2.7.0 resolved my particular issue
Resolved in latest release :)