CSP Logger

A basic service for logging content security policy violations. See upstream.

Setup

This deploys to Heroku, and expects a Postgres instance along with these env variables:

- `PORT` - Port for server
- `DATABASE_URL` - Postgres connection string
- `DOMAIN_WHITELIST_STRING` - A comma separated whitelist of domains that be sending CSP exceptions
- `SOURCE_BLACKLIST_STRING` - A comma separated blacklists of sources to ignore

Then run npm start.

Pointing your app to it

Configure your CSP to report to the /csp route of this service. Incoming reports will be logged to your designated storage.

Looking in the database

heroku pg:psql -c 'select id, substr("violatedDirective", 0, 12), "documentURI", "blockedURI", "sourceFile", "lineNumber" from "cspViolations" ORDER BY id DESC;'

Name		Name	Last commit message	Last commit date
Latest commit History 50 Commits
conf		conf
lib		lib
test		test
.gitignore		.gitignore
.jsbeautifyrc		.jsbeautifyrc
.jshintrc		.jshintrc
.travis.yml		.travis.yml
CONTRIBUTING.md		CONTRIBUTING.md
Gruntfile.js		Gruntfile.js
README.md		README.md
csp-logger.js		csp-logger.js
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CSP Logger

Setup

Pointing your app to it

Looking in the database

About

Releases

Packages

Languages

mit-teaching-systems-lab/csp-logger

Folders and files

Latest commit

History

Repository files navigation

CSP Logger

Setup

Pointing your app to it

Looking in the database

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages