I built a very simple (it’s impressive how dumb it is) CSP reporting target. The code is at github.com/icco/reportd. If you’re interested in using it, I’ve got a version running at reportd.natwelch.com. Here is an example of how to use it if you don’t want to run your own:

$ curl -svL https://writing.natwelch.com > /dev/null
> GET / HTTP/2
> Host: writing.natwelch.com
> User-Agent: curl/7.54.0
> Accept: */*
< HTTP/2 200
< nel: {"report_to":"default","max_age":2592000}
< report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reportd.natwelch.com/report/writing"}]}
< content-security-policy: upgrade-insecure-requests; default-src 'self' https://graphql.natwelch.com/graphql; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src https://fonts.gstatic.com; img-src 'self' data: https://a.natwelch.com https://icco.imgix.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://a.natwelch.com/tracker.js; object-src 'none'; report-uri https://reportd.natwelch.com/report/writing; report-to default

Just replace "writing" in https://reportd.natwelch.com/report/writing with whatever your service is. For example, https://reportd.natwelch.com/report/your-name-here.

For those who don't know what CSP is, it stands for Content Security Policy, and it is a way for servers to set rules on what types of data the browser should load for their pages. Mozilla has a great document that goes into the details of how CSP works.

Google has been expanding on the ideas presented in CSP, mainly that you can have an endpoint a browser can send client-side errors to. The proposed Reporting API lets you specify a Report-To header, which tells the browser where to send reports. These reports could be CSP errors, network errors, and many other things. It seems really useful to me, so I decided to build reportd to play with it.
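A reporting target named in both `report-uri` and `report-to`, as in the headers above, receives two different body formats. The following is an added example, not code from reportd, that normalizes both; the `Violation` type and `ParseReports` function are hypothetical names, and the sample body is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"mime"
)

// Violation is a normalized report (hypothetical type for this example).
type Violation struct{ Type, Document, Directive, Blocked string }

// ParseReports accepts both formats: report-uri POSTs one application/csp-report
// object; report-to POSTs an application/reports+json array (CSP, NEL, ...).
func ParseReports(contentType string, body []byte) ([]Violation, error) {
	mt, _, err := mime.ParseMediaType(contentType)
	var out []Violation
	switch {
	case err != nil: // malformed Content-Type header, rejected below
	case mt == "application/csp-report":
		var l struct {
			R struct {
				Doc string `json:"document-uri"`
				Dir string `json:"violated-directive"`
				Blk string `json:"blocked-uri"`
			} `json:"csp-report"`
		}
		if err = json.Unmarshal(body, &l); err == nil {
			out = append(out, Violation{"csp-violation", l.R.Doc, l.R.Dir, l.R.Blk})
		}
	case mt == "application/reports+json":
		var batch []struct { // encoding/json matches these keys case-insensitively
			Type, URL string
			Body      struct{ EffectiveDirective, BlockedURL string }
		}
		err = json.Unmarshal(body, &batch)
		for _, r := range batch {
			out = append(out, Violation{r.Type, r.URL, r.Body.EffectiveDirective, r.Body.BlockedURL})
		}
	default:
		err = fmt.Errorf("unsupported report content type %q", mt)
	}
	if err != nil {
		return nil, err
	}
	return out, nil
}

func main() { // constructed sample shaped like a legacy report-uri POST body
	body := `{"csp-report":{"document-uri":"https://example.test/","violated-directive":"img-src","blocked-uri":"https://cdn.example/x.png"}}`
	fmt.Println(ParseReports("application/csp-report", []byte(body)))
}
```

Report bodies come from arbitrary clients, so a real collector should also cap the request body size before parsing and treat every field as untrusted input when logging or displaying it.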

I hope you enjoy the service. It's free. If you want another service that is supported by a large organization and is much nicer, check out report-uri.com.

