Fixes #21854: Properly configure CSP violation handler #4512
Produces logs like:
PR updated with a new commit
@@ -362,6 +364,12 @@ class Boot extends Loggable { | |||
// the session itself. | |||
LiftRules.noCometSessionCmd.default.set(() => JsCmd.unitToJsCmd(())) | |||
|
|||
// Log CSP violations | |||
LiftRules.contentSecurityPolicyViolationReport = (r: ContentSecurityPolicyViolation) => { | |||
ApplicationLogger.warn(s"Content security policy violation: blocked ${r.blockedUri} in ${r.documentUri} because of ${r.violatedDirective} directive") |
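Review bot: In the `ApplicationLogger.warn(...)` line, `r.blockedUri`, `r.documentUri` and `r.violatedDirective` are interpolated into the log message exactly as received. CSP violation reports are submitted by the browser, so these fields are client-controlled: a value containing line breaks can forge additional log entries, and the URIs can carry query strings holding tokens or other sensitive data. Suggest stripping control characters and truncating each field before logging, and dropping the query string from both URIs. Since any client can post reports, also consider a rate limit or a dedicated logger so a flood of reports does not drown the application log at warn level.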
I haven't investigated how to log it in the right context; Application looks a bit too generic.
Seems correct to me
This PR is not mergeable to upper versions.
OK, squash merging this PR
3aa6d2f to bdcacd7
https://issues.rudder.io/issues/21854