A basic service for logging content security policy violations. See upstream.
This deploys to Heroku, and expects a Postgres instance along with these env variables:
- `PORT` - Port for server
- `DATABASE_URL` - Postgres connection string
- `DOMAIN_WHITELIST_STRING` - A comma-separated whitelist of domains that will be sending CSP exceptions
- `SOURCE_BLACKLIST_STRING` - A comma-separated blacklist of sources to ignore

Then run `npm start`.

Configure your CSP to report to the `/csp` route of this service. Incoming reports will be logged to your designated storage.
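
```sh
# List all stored violations, newest first
heroku pg:psql -c 'select id, substr("violatedDirective", 0, 12), "documentURI", "blockedURI", "sourceFile", "lineNumber", "columnNumber" from "cspViolations" ORDER BY id DESC;'
# Same listing, restricted to rows whose line number and column number are both not 1
heroku pg:psql -c 'select id, substr("violatedDirective", 0, 12), "documentURI", "blockedURI", "sourceFile", "lineNumber", "columnNumber" from "cspViolations" WHERE "lineNumber" != 1 AND "columnNumber" != 1 ORDER BY id DESC;'
# Delete rows whose line number and column number are both 1
heroku pg:psql -c 'DELETE from "cspViolations" WHERE "lineNumber" = 1 AND "columnNumber" = 1;'
# Count rows created before a date (double-quoted for the shell so the SQL date literal keeps its single quotes)
heroku pg:psql -c "SELECT count(*) from \"cspViolations\" where \"createdAt\" < '2020-06-24';"
# Delete rows created before a date
heroku pg:psql -c "DELETE from \"cspViolations\" where \"createdAt\" < '2001-01-01';"
```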
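
One way the filtering configured by `DOMAIN_WHITELIST_STRING` and `SOURCE_BLACKLIST_STRING` could be applied to a report posted to `/csp`, as an added example that is not this service's own code. The function names, the exact-host match and the substring match are assumptions; the `csp-report` body fields are the standard ones browsers send to a `report-uri` endpoint.

```javascript
// Added example, not the service's own code; the matching rules are assumptions.

// Split a comma-separated env value into trimmed, lower-cased, non-empty entries.
// Dropping empty entries matters: an empty blacklist entry would match every source.
function parseList(value) {
  return (value || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// Hostname of a URL string, or null when it does not parse as a URL
// (blocked-uri can be a keyword such as "inline" or "eval").
function hostOf(uri) {
  try {
    return new URL(uri).hostname.toLowerCase();
  } catch (e) {
    return null;
  }
}

// Decide whether a parsed report body should be stored.
function shouldStore(body, domainWhitelist, sourceBlacklist) {
  const report = body && body['csp-report'];
  if (!report || typeof report !== 'object') return { store: false, reason: 'malformed' };

  // Assumption: whitelist entries are compared exactly with the document-uri host,
  // so "example.com.attacker.test" does not pass for "example.com".
  const docHost = hostOf(String(report['document-uri'] || ''));
  if (!docHost || !domainWhitelist.includes(docHost)) {
    return { store: false, reason: 'domain-not-whitelisted' };
  }

  // Assumption: a blacklist entry matches as a substring of source-file or blocked-uri.
  const sources = [report['source-file'], report['blocked-uri']]
    .filter((s) => typeof s === 'string')
    .map((s) => s.toLowerCase());
  if (sources.some((s) => sourceBlacklist.some((b) => s.includes(b)))) {
    return { store: false, reason: 'source-blacklisted' };
  }
  return { store: true, reason: 'ok' };
}

// Constructed sample values, in the shape of the env variables and a report body.
const whitelist = parseList('example.com, www.example.com');
const blacklist = parseList('chrome-extension://, moz-extension://');
const sample = { 'csp-report': { 'document-uri': 'https://www.example.com/a',
  'violated-directive': 'script-src', 'blocked-uri': 'https://cdn.thirdparty.test/x.js' } };
console.log(shouldStore(sample, whitelist, blacklist));
```

Every field in a report is supplied by the client that posts it, so a filter like this reduces noise in the table but does not authenticate the sender.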