CSP Collector is a Go-based tool designed to collect and process Content Security Policy (CSP) violation reports. It implements CSP's report-to functionality, enabling web developers to receive detailed reports on CSP violations occurring on their websites.
To install CSP Collector, follow these steps:
git clone https://github.com/LittleToni/csp-collector
cd csp-collectorRun the following command to initialize CSP Collector:
make initEdit the .env file to customize CSP Collector.
Build CSP Collector by running:
make buildAfter build, you can start CSP Collector by running:
make startTo use CSP Collector in your web application, add the appropriate CSP report-to to your CSP header.
This project is structured according to the Standard Go Project Layout. For more details on the project structure and its components, you can refer to the Standard Go Project Layout documentation.
Test CSP Collector by running:
make testPost a sample csp violation report:
curl -X POST \
'http://localhost:8080/report' \
--header 'Content-Type: application/csp-report' \
--data-raw '{
"csp-report": {
"blocked-uri": "http://example.com/css/style.css",
"disposition": "report",
"document-uri": "http://example.com/signup.html",
"effective-directive": "style-src-elem",
"original-policy": "default-src 'none'; style-src cdn.example.com; report-to /_/csp-reports",
"referrer": "",
"status-code": 200,
"violated-directive": "style-src-elem"
}
}'This project is licensed under the MIT License.