aspnetcore-security-headers

Add CspReport Object

Open Matti-Koopa opened this issue 3 years ago • 1 comments

It can often make sense to implement a report endpoint into the same .NET project that uses this library for setting the CSP-header. A CSP-report is a JSON-structure. It would be nice to have a pre-made object in this library we can serialize into out-of-the-box with easily accessible properties. Usage example:

[HttpPost]
public IActionResult ReportEndpoint(CspReport report)
{
  // Log the fields of the violation report the browser posted
  Console.WriteLine(report.DocumentUri.ToString());
  Console.WriteLine(report.ViolatedDirective);
  Console.WriteLine(report.BlockedUri.ToString());
  return Ok();
}

Matti-Koopa avatar Jul 28 '21 09:07 Matti-Koopa

Good idea :) The structure should be this one at the moment: https://w3c.github.io/webappsec-csp/#deprecated-serialize-violation. Based on the name and some comments in the spec, it seems they are actively trying to evolve this structure though. One request per violation does feel a bit inefficient.

juunas11 avatar May 24 '23 06:05 juunas11
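A sketch of what such an object could look like for the deprecated `report-uri` serialization linked above, as an added example that is not code from this library or from either commenter. `CspReportEnvelope`, `CspReportParser` and `MaxBodyBytes` are hypothetical names; the URI fields are strings rather than `Uri` because `blocked-uri` can carry keywords such as `inline`, and the body is size-capped because a report endpoint accepts unauthenticated input from any client.

```csharp
using System;
using System.Text;
using System.Text.Json;
using System.Text.Json.Serialization;

// Constructed sample body in the spec's deprecated report-uri shape (raw string literal: C# 11+).
const string sample = """
{"csp-report":{"document-uri":"https://example.test/page","referrer":"",
"blocked-uri":"inline","effective-directive":"script-src-elem",
"violated-directive":"script-src-elem","original-policy":"default-src 'self'",
"disposition":"enforce","status-code":200,"line-number":12}}
""";

if (CspReportParser.TryParse(Encoding.UTF8.GetBytes(sample), out var report))
    Console.WriteLine($"{report!.EffectiveDirective} blocked {report.BlockedUri} on {report.DocumentUri}");

public sealed class CspReport
{
    [JsonPropertyName("document-uri")] public string? DocumentUri { get; set; }
    [JsonPropertyName("referrer")] public string? Referrer { get; set; }
    [JsonPropertyName("blocked-uri")] public string? BlockedUri { get; set; }
    [JsonPropertyName("effective-directive")] public string? EffectiveDirective { get; set; }
    [JsonPropertyName("violated-directive")] public string? ViolatedDirective { get; set; }
    [JsonPropertyName("original-policy")] public string? OriginalPolicy { get; set; }
    [JsonPropertyName("disposition")] public string? Disposition { get; set; }
    [JsonPropertyName("status-code")] public int StatusCode { get; set; }
    [JsonPropertyName("script-sample")] public string? ScriptSample { get; set; }
    [JsonPropertyName("source-file")] public string? SourceFile { get; set; }
    [JsonPropertyName("line-number")] public int? LineNumber { get; set; }
    [JsonPropertyName("column-number")] public int? ColumnNumber { get; set; }
}

// The browser wraps the report in a single "csp-report" member.
public sealed class CspReportEnvelope
{
    [JsonPropertyName("csp-report")] public CspReport? Report { get; set; }
}

public static class CspReportParser
{
    public const int MaxBodyBytes = 16 * 1024; // assumed cap, tune per deployment

    // Returns false for empty, oversized or malformed bodies instead of throwing.
    public static bool TryParse(ReadOnlySpan<byte> body, out CspReport? report)
    {
        report = null;
        if (body.Length == 0 || body.Length > MaxBodyBytes) return false;
        try { report = JsonSerializer.Deserialize<CspReportEnvelope>(body)?.Report; }
        catch (JsonException) { return false; }
        return report is not null;
    }
}
```

Every field is attacker-influenced, so values should be encoded or escaped before they are written to logs or shown in a dashboard.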