Issue #1329. Add a /csp-report endpoint for simple logging of violati…

…ons.
webcompat · Feb 28, 2017 · cece38a · cece38a
1 parent c2c8467
commit cece38a
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/config/__init__.py b/config/__init__.py
@@ -38,6 +38,7 @@
 
 LOG_FILE = '/tmp/webcompat.log'
 LOG_FMT = '%(asctime)s tracking %(message)s'
+CSP_REPORTS_LOG = '/tmp/webcompat-csp-reports.log'
 
 # Status categories used in the project
 # 'new', 'needsdiagnosis', 'needscontact', 'contactready' , 'sitewait', 'close'

diff --git a/webcompat/views.py b/webcompat/views.py
@@ -306,3 +306,13 @@ def contributors():
 def cssfixme():
     '''Route for CSS Fix me tool'''
     return render_template('cssfixme.html')
+
+
+@app.route('/csp-report', methods=['POST'])
+def log_report():
+    '''Route to record CSP header violations.'''
+    if 'application/csp-report' not in request.headers.get('content-type'):
+        return ('Wrong Content-Type.', 400)
+    with open(app.config['CSP_REPORTS_LOG'], 'a') as r:
+        r.write(request.data + '\n')
+    return ('', 204)