nico3333fr / CSP-useful

Collection of scripts, thoughts about CSP (Content Security Policy)
MIT License

Adding a resource to the reporting section #82

Closed dylburger closed 4 years ago

dylburger commented 4 years ago

Pipedream is a free service that lets you run Node code and run basic actions (think: Zapier) in response to HTTP requests. Anyone can copy and run this workflow and point their report-uri to their workflow's HTTP endpoint. Then, they can run SQL on violation data, e.g. to understand what the most common violations / blocked URIs are:

SELECT effective_directive, blocked_uri, COUNT(*) FROM csp_violation_data GROUP BY 1, 2 ORDER BY 3 DESC;

They can also send violations to Slack (the workflow shows an example of how to filter out specific violations to reduce noise).

Thought this might provide a cool example of how to run code on response violations!
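A Node sketch of the processing described in the comment above, added here as an example and not taken from the Pipedream workflow or this repository: it parses `report-uri` POST bodies, drops noise, and produces the same grouping as the SQL query. The function names, the noise list and the sample bodies are constructed assumptions.

```javascript
// Added example; all names and sample data are constructed for illustration.
// Assumed noise list: schemes that usually point at browser extensions,
// not at the site's own resources. Tune per site.
const NOISE_SCHEMES = ['chrome-extension:', 'moz-extension:', 'safari-extension:'];
const MAX_LEN = 2048; // the endpoint is unauthenticated, so bound attacker-supplied strings

// Normalise one report-uri body (Content-Type: application/csp-report).
// Returns null for anything that is not a well-formed report.
function parseReport(body) {
  let parsed;
  try { parsed = JSON.parse(body); } catch (e) { return null; }
  const r = parsed && parsed['csp-report'];
  if (!r || typeof r !== 'object') return null;
  // Some browsers send only violated-directive ("script-src 'self'"); keep its first token.
  const directive = r['effective-directive'] || String(r['violated-directive'] || '').split(' ')[0];
  const blocked = r['blocked-uri'];
  if (!directive || typeof blocked !== 'string') return null;
  return {
    effective_directive: String(directive).slice(0, MAX_LEN),
    blocked_uri: blocked.slice(0, MAX_LEN),
  };
}

const isNoise = (row) => NOISE_SCHEMES.some((s) => row.blocked_uri.startsWith(s));

// Same result as: SELECT effective_directive, blocked_uri, COUNT(*) ... GROUP BY 1, 2 ORDER BY 3 DESC
function topViolations(bodies) {
  const counts = new Map();
  for (const body of bodies) {
    const row = parseReport(body);
    if (!row || isNoise(row)) continue;
    const key = JSON.stringify([row.effective_directive, row.blocked_uri]);
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  return [...counts.entries()]
    .map(([key, count]) => {
      const [effective_directive, blocked_uri] = JSON.parse(key);
      return { effective_directive, blocked_uri, count };
    })
    .sort((a, b) => b.count - a.count);
}

// Constructed sample bodies, as a browser would POST them to the report endpoint.
const report = (fields) => JSON.stringify({ 'csp-report': fields });
const SAMPLE_BODIES = [
  report({ 'effective-directive': 'script-src', 'blocked-uri': 'https://cdn.example.test/a.js' }),
  report({ 'violated-directive': "script-src 'self'", 'blocked-uri': 'https://cdn.example.test/a.js' }),
  report({ 'effective-directive': 'img-src', 'blocked-uri': 'data' }),
  report({ 'effective-directive': 'script-src', 'blocked-uri': 'chrome-extension://constructed-id/inject.js' }),
  'not json',
];
console.log(topViolations(SAMPLE_BODIES));
```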

nico3333fr commented 4 years ago

@dylburger thanks a lot for this resource :)