I built a very simple (it’s impressive how dumb it is) CSP reporting target. The code is at github.com/icco/reportd. If you’re interested in using it, I’ve got a version running at reportd.natwelch.com. An example on how to use it if you don’t want to run your own:

$ curl -svL https://writing.natwelch.com > /dev/null
> GET / HTTP/2
> Host: writing.natwelch.com
> User-Agent: curl/7.54.0
> Accept: */*
< HTTP/2 200
< nel: {"report_to":"default","max_age":2592000}
< report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reportd.natwelch.com/report/writing"}]}
< content-security-policy: upgrade-insecure-requests; default-src 'self' https://graphql.natwelch.com/graphql; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src https://fonts.gstatic.com; img-src 'self' data: https://a.natwelch.com https://icco.imgix.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.natwelch.com/tracker.js; object-src 'none'; report-uri https://reportd.natwelch.com/report/writing; report-to default

Just replace writing in https://reportd.natwelch.com/report/writing with whatever your service is. For example https://reportd.natwelch.com/report/your-name-here.

For those that don't know what CSP is, it stands for Content Security Policy, and it is a way for servers to set rules on what types of data they should load. Mozilla has a great document that goes into the details of how CSP works.

Google has been expanding on the ideas presented in CSP, mainly that you can have an endpoint a browser can send client side errors to. The proposed Reporting API lets you specify a Report-To header, which tells the browser where to send reports. These reports could be CSP errors, network errors, and many other things. It seems really useful to me, so I decided to build reportd to play with it.

I hope you enjoy the service. It's free. If you want another service that is supported by a large organization and is much nicer, check out report-uri.com.


#opensource #code #infrastructure


Related Posts

GitHub has empowered a new generation of people to collaborate, create, produce. Many developers will lament the loss of former cultural norms — like the place of committers or the old fight about which license to use — but the future is already in the hands of a new generation that has moved on.

I couldn't find a good copy of this, but at the end of Chef, there is this great video of Jon Favreau learning to cook a grilled cheese. Felt like a perfect description of any creative endeavor. The audio is the key. I'll see if I can make a copy or something...

I always think of children as "underfoot". I mean it as a compliment, where they are running around, looking at things, touching things, trying things.