I built a very simple (it’s impressive how dumb it is) CSP reporting target. The code is at github.com/icco/reportd. If you’re interested in using it, I’ve got a version running at reportd.natwelch.com. An example of how to use it if you don’t want to run your own:

$ curl -svL https://writing.natwelch.com > /dev/null
...
> GET / HTTP/2
> Host: writing.natwelch.com
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/2 200
< nel: {"report_to":"default","max_age":2592000}
< report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reportd.natwelch.com/report/writing"}]}
< content-security-policy: upgrade-insecure-requests; default-src 'self' https://graphql.natwelch.com/graphql; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src https://fonts.gstatic.com; img-src 'self' data: https://a.natwelch.com https://icco.imgix.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.natwelch.com/tracker.js; object-src 'none'; report-uri https://reportd.natwelch.com/report/writing; report-to default
...

Just replace writing in https://reportd.natwelch.com/report/writing with whatever your service is. For example, https://reportd.natwelch.com/report/your-name-here.

For those who don't know what CSP is, it stands for Content Security Policy, and it is a way for servers to set rules on what types of content the browser may load for their pages. Mozilla has a great document that goes into the details of how CSP works.

Google has been expanding on the ideas presented in CSP, mainly that you can have an endpoint a browser can send client-side errors to. The proposed Reporting API lets you specify a Report-To header, which tells the browser where to send reports. These reports could be CSP errors, network errors, and many other things. It seems really useful to me, so I decided to build reportd to play with it.
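An added example, not taken from reportd's code: the headers above make browsers send two different body shapes, the legacy report-uri one (`application/csp-report`) and the Reporting API one (`application/reports+json`), and a receiver has to treat both as untrusted input. The function name, output field names, size cap and sample bodies are assumptions made for this sketch.

```python
import json

MAX_BODY = 64 * 1024  # assumed size cap: report bodies are untrusted input

def normalize_reports(content_type, body):
    """Flatten either report format into a list of dicts; [] if unusable."""
    if len(body) > MAX_BODY:
        return []
    media_type = content_type.split(";")[0].strip().lower()
    try:
        data = json.loads(body)
    except (ValueError, RecursionError):  # bad JSON, bad encoding, deep nesting
        return []
    out = []
    if media_type == "application/csp-report" and isinstance(data, dict):
        # Legacy report-uri: one object wrapped in a "csp-report" key.
        r = data.get("csp-report")
        if isinstance(r, dict):
            out.append({"type": "csp-violation",
                        "document": r.get("document-uri"),
                        "blocked": r.get("blocked-uri"),
                        "detail": r.get("effective-directive")
                                  or r.get("violated-directive")})
    elif media_type == "application/reports+json" and isinstance(data, list):
        # Reporting API: a batch of typed reports (CSP, NEL, ...).
        for item in data:
            if not isinstance(item, dict) or not isinstance(item.get("body"), dict):
                continue  # skip malformed entries, keep the rest of the batch
            b = item["body"]
            out.append({"type": item.get("type"),
                        "document": item.get("url"),
                        "blocked": b.get("blockedURL"),
                        "detail": b.get("effectiveDirective") or b.get("type")})
    return out

# Constructed sample bodies (not captured traffic).
LEGACY = json.dumps({"csp-report": {
    "document-uri": "https://writing.natwelch.com/",
    "effective-directive": "img-src",
    "blocked-uri": "https://example.com/a.png"}}).encode()
BATCH = json.dumps([
    {"type": "csp-violation", "url": "https://writing.natwelch.com/",
     "body": {"blockedURL": "https://example.com/x.js",
              "effectiveDirective": "script-src-elem"}},
    {"type": "network-error", "url": "https://writing.natwelch.com/",
     "body": {"type": "tcp.refused", "phase": "connection"}},
    "not-a-report"]).encode()

if __name__ == "__main__":
    print(normalize_reports("application/csp-report", LEGACY))
    print(normalize_reports("application/reports+json; charset=utf-8", BATCH))
```

Anyone on the internet can POST to a report endpoint, so the normalized fields should be stored and displayed as untrusted strings.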

I hope you enjoy the service. It's free. If you want another service that is supported by a large organization and is much nicer, check out report-uri.com.

/Nat

#opensource #code #infrastructure
