Skip to content
Middleware for setting the Report-To HTTP response header
JavaScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github
lib
test
.editorconfig
.eslintrc.json
.gitignore
CHANGELOG.md
LICENSE
README.md
index.js
package-lock.json
package.json

README.md

Report To

npm version dependencies Status Greenkeeper badge Actions Status Coverage Status FOSSA Status

This is Express middleware to set the Report-To HTTP response header. You can read more about it here and here.

To use:

const reportTo = require('report-to')

// ...

app.use(reportTo({
    groups: [
		{
			group: "endpoint-1",
			max_age: 10886400,
			include_subdomains: true,
			endpoints: [
				{
					url: "https://example.com/reports",
					priority: 1
				},
				{
					url: "https://backup.com/reports",
					priority: 2
				}
			]
		}
	]
}))

When set alone, this header doesn't do anything and will need to be set with a header that allows reporting, such as Content-Security-Policy, NEL, etc.

For example, using the above definition, a NEL header may look like the following, using endpoint-1 as its report-to parameter: NEL: {"report_to":"endpoint-1","max_age":31536000,"include_subdomains":true} You can use this module to set an NEL header easily with express.

https://report-uri.com/ is a great reporting platform for monitoring CSP, NEL, etc. error logs.

License

FOSSA Status

You can’t perform that action at this time.