Content Security Policy reports trigger false-positive

### Description

The Content Security Policy reports trigger rule `Request content type is not allowed by policy (920420)`

Content-Type: [application/reports+json](https://www.w3.org/TR/reporting-1/#media-type)

Can this content-type be allowed, or a default exclusion for the reporting URL made?

Happy to do the work and provide this with your guidance.

### How to reproduce the misbehavior (-> curl call)
curl -H 'Content-Type: application/reports+json' localhost/csp-reports

### Your Environment

* CRS version (e.g., v3.3.4): latest
* Paranoia level setting (e.g. PL1) : PL2
* ModSecurity version (e.g., 2.9.6): -
* Web Server and version or cloud provider / CDN (e.g., Apache httpd 2.4.54): local installation
* Operating System and version: Ubuntu

### Confirmation

[x] I have removed any personal data (email addresses, IP addresses,
    passwords, domain names) from any logs posted.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Content Security Policy reports trigger false-positive #4212

Description

How to reproduce the misbehavior (-> curl call)

Your Environment

Confirmation

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Content Security Policy reports trigger false-positive #4212

Description

Description

How to reproduce the misbehavior (-> curl call)

Your Environment

Confirmation

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions