GCTC-NTGC / gc-digital-talent

GC Digital Talent is the new recruitment platform for digital and tech jobs in the Government of Canada.
https://talent.canada.ca
GNU Affero General Public License v3.0

[FIX] Log entire CSP report message #11800

Open petertgiles opened 3 days ago

petertgiles commented 3 days ago

🤖 Resolves #11790

👋 Introduction

Simplifies the CSP logging to just dump out the entire message instead of looking for specific properties.

🕵️ Details

I'm not really sure what's going on here. I haven't been able to replicate the problem at all and I don't think our site has any actual CSP violations. Something is just dumping junk at our endpoint, maybe? Or a bad browser extension? I haven't been able to get a real browser to send a report locally or on the DEV vertical. It does seem like the queued report from Chrome has a very different shape than we were expecting.


🧪 Testing

The only way I was able to log anything was to manually POST a JSON message from Postman.


  1. POST a JSON message to /api/csp-report
  2. Verify you get an HTTP 200 response and your message was logged.

📸 Screenshot


brindasasi commented 13 hours ago

Also when I run it with invalid/empty json I get this

[Screenshot 2024-10-21 at 5:30:31 PM]
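The two behaviours discussed in this thread, logging the whole report instead of picking out specific properties and handling an invalid or empty JSON body, as an added example that is not code from the gc-digital-talent repository or from this PR. It is framework-free Python rather than the project's own endpoint; the function names, the 400 status for unparseable bodies and the `MAX_LOGGED_BYTES` cap are assumptions. The two report shapes it recognises are the standard ones: the legacy `report-uri` form (`application/csp-report`, a `csp-report` object with hyphenated keys) and the Reporting API form (`application/reports+json`, an array of `csp-violation` reports with camelCase keys), which is why code written against one shape sees "junk" when the other arrives.

```python
import json
import logging

log = logging.getLogger("csp-report")

# Content types browsers use for CSP reports. Both are standard values, but the
# payload shapes behind them differ, which is why picking specific keys breaks.
LEGACY_CONTENT_TYPE = "application/csp-report"           # report-uri: {"csp-report": {...}}
REPORTING_API_CONTENT_TYPE = "application/reports+json"  # report-to:  [{"type": "csp-violation", "body": {...}}]

MAX_LOGGED_BYTES = 8192  # hypothetical cap on raw text kept in the log record


def classify(payload):
    """Name the report shape without assuming any particular keys exist."""
    if isinstance(payload, dict) and isinstance(payload.get("csp-report"), dict):
        return "legacy"
    if isinstance(payload, list) and payload and all(
        isinstance(item, dict) and item.get("type") == "csp-violation" for item in payload
    ):
        return "reporting-api"
    return "unknown"


def violated_directives(payload):
    """Best-effort list of directive names; empty when the shape is unrecognised."""
    shape = classify(payload)
    if shape == "legacy":
        body = payload["csp-report"]
        name = body.get("effective-directive") or body.get("violated-directive")
        return [name] if name else []
    if shape == "reporting-api":
        names = [item.get("body", {}).get("effectiveDirective") for item in payload]
        return [n for n in names if n]
    return []


def handle_csp_report(content_type, raw_body):
    """Process one POST to the report endpoint.

    Returns (http_status, log_record). The record always carries the full
    decoded payload (or the raw text when it is not JSON), so nothing is lost
    when a browser sends a shape the code did not anticipate.
    """
    text = raw_body.decode("utf-8", errors="replace")
    record = {"content_type": content_type}

    if not text.strip():
        record.update(kind="empty")
        log.warning("CSP report endpoint: empty body %s", json.dumps(record))
        return 400, record

    try:
        payload = json.loads(text)
    except json.JSONDecodeError as exc:
        record.update(kind="invalid-json", error=str(exc), raw=text[:MAX_LOGGED_BYTES])
        log.warning("CSP report endpoint: body is not JSON %s", json.dumps(record))
        return 400, record

    # Log the entire decoded message; the directive summary is only a convenience.
    record.update(kind=classify(payload), directives=violated_directives(payload), payload=payload)
    log.info("CSP report endpoint: %s", json.dumps(record))
    return 200, record


# Constructed sample bodies (not captured from a real browser) in the two standard shapes.
SAMPLE_LEGACY = json.dumps({
    "csp-report": {
        "document-uri": "https://example.test/page",
        "violated-directive": "script-src-elem",
        "effective-directive": "script-src-elem",
        "blocked-uri": "https://cdn.example.test/x.js",
    }
}).encode()

SAMPLE_REPORTING_API = json.dumps([{
    "type": "csp-violation",
    "age": 12,
    "url": "https://example.test/page",
    "body": {
        "documentURL": "https://example.test/page",
        "effectiveDirective": "img-src",
        "blockedURL": "https://cdn.example.test/y.png",
    },
}]).encode()


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    for ct, body in [(LEGACY_CONTENT_TYPE, SAMPLE_LEGACY),
                     (REPORTING_API_CONTENT_TYPE, SAMPLE_REPORTING_API),
                     ("application/json", b""),
                     ("application/json", b"{not json")]:
        status, _ = handle_csp_report(ct, body)
        print(ct, status)
```

An unrecognised but valid JSON body is still logged in full and answered with 200, matching the PR's testing step of POSTing an arbitrary JSON message; only a body that cannot be decoded at all is rejected, and even then its raw text is kept (capped) so the "junk" hitting the endpoint can be examined later.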