go-csp-collector
go-csp-collector copied to clipboard
Allow an array of reports
I'm getting this when reports are sent from chrome:
{"level":"debug","message":"Unable to decode invalid JSON payload: json: cannot unmarshal array into Go value of type main.CSPReport","timestamp":"2022-08-24T11:31:19Z"}
I think that chrome is sending multiple reports in an array. I couldn't find it in the spec but this says:
As you can see, the report is part of an array of reports, since there can be multiple types of reports in a single Reporting API call.
thanks for the issue. I'll have to take a look at how we handle this as collection vs single in typed languages isn't an easy process 😅
i have a way forward with this using a custom Marshal
and Unmarshal
methods; it's not pretty but it does work.
also, i sat down and looked into this more and these are actually two different (yet similar) things. the first one is a CSP report whereas the second (array of reports) is from the Reporting API for a CSP violation. the latter is the newer, all encompassing collection mechanism so i think i'll keep these separate. i.e. /csp
can be for the older style reports and report
(or similar) can be for the reporting API if it is supported by the browser.