sentry-php

Add end-user function to generate CSP report-uri

Open jnoordsij opened this issue 1 year ago • 2 comments

Problem Statement

It is possible to use Sentry as an endpoint for collecting CSP violations, see https://docs.sentry.io/product/security-policy-reporting/. In order to do so, it requires passing a specific report-uri value to the CSP header in the response of your application. It would be great if the SDK would be able to generate such a URI.

Solution Brainstorm

The Raven: Sentry Integration module for Drupal has an implementation of this, see https://git.drupalcode.org/project/raven/-/blob/4.x/src/Plugin/CspReportingHandler/Raven.php. It would be great to have a public function for this URI in any application using the Sentry PHP SDK.

jnoordsij, Sep 16 '22 15:09

Thanks for opening an issue about this 👍

Looking at our Ruby SDK, we do expose an API for people to generate the report-uri there, so I don't see any reason why we shouldn't add it to the PHP SDK as well.

I'll put this into the backlog for now, but PRs are always welcome 🙂

cleptric, Sep 19 '22 11:09

At a minimum we should add a new method Dsn::getSecurityApiEndpointUrl().

It'd be nice to also provide a convenience method - something like Client::getSecurityReportUri() - which would return Dsn::getSecurityApiEndpointUrl() plus a query string, built by http_build_query(), with sentry_key, sentry_environment and sentry_release (if set). I don't think this should be part of the Dsn class because Dsn doesn't currently know anything about environment and release.

mfb, Sep 22 '22 21:09
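
The approach proposed in the last comment, written out as an added example; it is not sentry-php code and not from any participant in this thread. The function names `securityEndpointFromDsn` and `securityReportUri` are hypothetical, the DSN is a constructed sample, and the `/api/<project_id>/security/` URL shape is assumed from the Sentry security-policy-reporting documentation linked in the issue.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not part of sentry-php.

/** Split scheme://public_key[:secret]@host[:port][/prefix]/project_id into endpoint URL and key. */
function securityEndpointFromDsn(string $dsn): array
{
    $p = parse_url($dsn);
    if ($p === false || !isset($p['scheme'], $p['host'], $p['user'], $p['path'])) {
        throw new InvalidArgumentException('Malformed DSN');
    }
    if (!in_array($p['scheme'], ['http', 'https'], true)) {
        throw new InvalidArgumentException('DSN scheme must be http or https');
    }
    $segments = explode('/', trim($p['path'], '/'));
    $projectId = array_pop($segments);
    if ($projectId === '') {
        throw new InvalidArgumentException('DSN has no project id');
    }
    $prefix = $segments === [] ? '' : '/' . implode('/', $segments);
    $port = isset($p['port']) ? ':' . $p['port'] : '';

    return [
        // Only the public key is returned; a legacy secret key must never reach a browser-visible header.
        'url' => "{$p['scheme']}://{$p['host']}{$port}{$prefix}/api/{$projectId}/security/",
        'key' => $p['user'],
    ];
}

function securityReportUri(string $dsn, ?string $environment = null, ?string $release = null): string
{
    $endpoint = securityEndpointFromDsn($dsn);
    // Drop unset values so only configured tags are appended.
    $query = array_filter([
        'sentry_key' => $endpoint['key'],
        'sentry_environment' => $environment,
        'sentry_release' => $release,
    ], static fn (?string $v): bool => $v !== null && $v !== '');

    // RFC 3986 encoding escapes ';', ',' and spaces, which would otherwise break the CSP header.
    return $endpoint['url'] . '?' . http_build_query($query, '', '&', PHP_QUERY_RFC3986);
}

$dsn = 'https://examplePublicKey@o0.ingest.sentry.io/0'; // constructed sample DSN
$uri = securityReportUri($dsn, 'production', 'my-app@1.2.3');
// In a web response, pass this line to header() instead of printing it.
echo "Content-Security-Policy-Report-Only: default-src 'self'; report-uri {$uri}\n";
```

Starting with the `Content-Security-Policy-Report-Only` header collects violation reports without blocking any resources, which helps when tuning a policy before enforcing it.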