go-csp-collector icon indicating copy to clipboard operation
go-csp-collector copied to clipboard

Published 20 hours ago verified publisher icon jacobbednarz

Allow an array of reports

Open landorg opened this issue 1 year ago • 3 comments

I'm getting this when reports are sent from chrome:

{"level":"debug","message":"Unable to decode invalid JSON payload: json: cannot unmarshal array into Go value of type main.CSPReport","timestamp":"2022-08-24T11:31:19Z"}

I think that chrome is sending multiple reports in an array. I couldn't find it in the spec but this says:

As you can see, the report is part of an array of reports, since there can be multiple types of reports in a single Reporting API call.

landorg avatar Aug 24 '22 12:08 landorg

thanks for the issue. I'll have to take a look at how we handle this as collection vs single in typed languages isn't an easy process 😅

jacobbednarz avatar Aug 26 '22 07:08 jacobbednarz

i have a way forward with this using a custom Marshal and Unmarshal methods; it's not pretty but it does work.

jacobbednarz avatar Aug 29 '22 22:08 jacobbednarz

also, i sat down and looked into this more and these are actually two different (yet similar) things. the first one is a CSP report whereas the second (array of reports) is from the Reporting API for a CSP violation. the latter is the newer, all encompassing collection mechanism so i think i'll keep these separate. i.e. /csp can be for the older style reports and report (or similar) can be for the reporting API if it is supported by the browser.

jacobbednarz avatar Sep 03 '22 03:09 jacobbednarz