Use report-to with group which configured in the separate header (#9440)

olksdr · web-flow · commit 2f513043b239 · 2024-03-15T15:10:44.000+01:00
diff --git a/docs/product/security-policy-reporting.mdx b/docs/product/security-policy-reporting.mdx
@@ -19,7 +19,9 @@ To configure CSP reports in Sentry, you’ll need to send a header from your ser
 ```
 Content-Security-Policy: ...;
     report-uri https://___ORG_INGEST_DOMAIN___/api/___PROJECT_ID___/security/?sentry_key=___PUBLIC_KEY___;
-    report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"https://___ORG_INGEST_DOMAIN___/api/___PROJECT_ID___/security/?sentry_key=___PUBLIC_KEY___"}],"include_subdomains":true}
+    report-to csp-endpoint
+
+Report-To: {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://___ORG_INGEST_DOMAIN___/api/___PROJECT_ID___/security/?sentry_key=___PUBLIC_KEY___"}],"include_subdomains":true}
 ```
 
 <Alert level="note" title="Compatibility Recommendation">
@@ -35,7 +37,9 @@ Alternatively you can setup CSP reports to simply send reports rather than actua
 ```
 Content-Security-Policy-Report-Only: ...;
     report-uri https://___ORG_INGEST_DOMAIN___/api/___PROJECT_ID___/security/?sentry_key=___PUBLIC_KEY___;
-    report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"https://___ORG_INGEST_DOMAIN___/api/___PROJECT_ID___/security/?sentry_key=___PUBLIC_KEY___"}],"include_subdomains":true}
+    report-to csp-endpoint
+
+Report-To: {"group":"csp-endpoint","max_age":10886400,"endpoints":[{"url":"https://___ORG_INGEST_DOMAIN___/api/___PROJECT_ID___/security/?sentry_key=___PUBLIC_KEY___"}],"include_subdomains":true}
 ```
 
 When defining your policy it is important to ensure that `sentry.io` or your self-hosted Sentry domain is in your `default-src` or `connect-src` policy, or browsers will block requests that submit policy violations.
