CSP Collector is a Go-based tool designed to collect and process Content Security Policy (CSP) violation reports. It implements CSP's report-to functionality, enabling web developers to receive detailed reports on CSP violations occurring on their websites.
To install CSP Collector, follow these steps:
git clone https://github.com/LittleToni/csp-collector
cd csp-collector
Run the following command to initialize CSP Collector:
make init
Edit the .env file to customize CSP Collector.
Build CSP Collector by running:
make build
After the build completes, start CSP Collector by running:
make start
To use CSP Collector in your web application, add the appropriate report-to directive to your Content-Security-Policy header.
This project is structured according to the Standard Go Project Layout. For more details on the project structure and its components, you can refer to the Standard Go Project Layout documentation.
Test CSP Collector by running:
make test
Post a sample CSP violation report:
curl -X POST \
'http://localhost:8080/report' \
--header 'Content-Type: application/csp-report' \
--data-raw '{
"csp-report": {
"blocked-uri": "http://example.com/css/style.css",
"disposition": "report",
"document-uri": "http://example.com/signup.html",
"effective-directive": "style-src-elem",
"original-policy": "default-src '\''none'\''; style-src cdn.example.com; report-to /_/csp-reports",
"referrer": "",
"status-code": 200,
"violated-directive": "style-src-elem"
}
}'
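The sample above posts an application/csp-report body to an endpoint that any browser, or any other client, can reach. The following is an added example, not CSP Collector's own code, showing how such a report can be accepted defensively in Go. `ParseReport`, `newReq`, the `Report` field subset and the 16 KiB cap are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"mime"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Report keeps a subset of the "csp-report" fields from the sample above.
type Report struct {
	BlockedURI         string `json:"blocked-uri"`
	DocumentURI        string `json:"document-uri"`
	EffectiveDirective string `json:"effective-directive"`
}

// ParseReport decodes one report and returns the HTTP status to answer with.
func ParseReport(r *http.Request) (*Report, int) {
	const maxBody = 16 << 10 // assumed cap; the endpoint takes unauthenticated POSTs
	if r.Method != http.MethodPost {
		return nil, http.StatusMethodNotAllowed
	}
	mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
	if err != nil || mt != "application/csp-report" {
		return nil, http.StatusUnsupportedMediaType
	}
	body, err := io.ReadAll(io.LimitReader(r.Body, maxBody+1))
	if err != nil || len(body) > maxBody { // read failure or oversized body
		return nil, http.StatusRequestEntityTooLarge
	}
	var env struct{ R *Report `json:"csp-report"` }
	if json.Unmarshal(body, &env) != nil || env.R == nil || env.R.DocumentURI == "" {
		return nil, http.StatusBadRequest
	}
	return env.R, http.StatusNoContent
}

func newReq(method, ctype, body string) *http.Request { // in-memory request for constructed samples
	r := httptest.NewRequest(method, "/report", strings.NewReader(body))
	r.Header.Set("Content-Type", ctype)
	return r
}

func main() {
	rep, code := ParseReport(newReq("POST", "application/csp-report", `{"csp-report":{"document-uri":"http://example.com/signup.html"}}`))
	fmt.Printf("%d %q\n", code, rep.DocumentURI) // %q: report fields are attacker-controlled
}
```

Every field in a report is supplied by the client, so quote or escape it before it reaches logs, dashboards or alerting.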
This project is licensed under the MIT License.