diff --git a/routes/reporting-api.php b/routes/reporting-api.php
index 8fca677..7c82059 100644
--- a/routes/reporting-api.php
+++ b/routes/reporting-api.php
@@ -1,9 +1,11 @@ middleware(['throttle:'.config('reporting-api.throttle', '60,1')])
- ->withoutMiddleware([VerifyCsrfToken::class]);
+ ->withoutMiddleware([VerifyCsrfToken::class, ValidateCsrfToken::class, PreventRequestForgery::class]);
diff --git a/src/Listeners/LogCspViolation.php b/src/Listeners/LogCspViolation.php
index 22708e4..5bd8140 100644
--- a/src/Listeners/LogCspViolation.php
+++ b/src/Listeners/LogCspViolation.php
@@ -21,9 +21,7 @@ public function handle(CspViolationReceived $event): void
 return;
 }
- Log::channel($this->channel)->warning('CSP violation: {directive} blocked {url}', [
- 'directive' => $report->body->effectiveDirective,
- 'url' => $report->body->blockedURL,
+ Log::channel($this->channel)->warning("CSP violation: {$report->body->effectiveDirective} blocked {$report->body->blockedURL}", [
 'page' => $report->url,
 ]);
 }
diff --git a/src/Listeners/LogReport.php b/src/Listeners/LogReport.php
index 8917e8e..90970a0 100644
--- a/src/Listeners/LogReport.php
+++ b/src/Listeners/LogReport.php
@@ -18,9 +18,7 @@ public function handle(ReportEvent $event): void
 return;
 }
- Log::channel($this->channel)->info('{type} report received at {url}', [
- 'type' => $report->type,
- 'url' => $report->url,
+ Log::channel($this->channel)->info("{$report->type} report received at {$report->url}", [
 'report' => $event->getRawReport(),
 ]);
 }
diff --git a/tests/Unit/Listeners/LogCspViolationTest.php b/tests/Unit/Listeners/LogCspViolationTest.php
index d65c1ed..0d279e9 100644
--- a/tests/Unit/Listeners/LogCspViolationTest.php
+++ b/tests/Unit/Listeners/LogCspViolationTest.php
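Review bot: The two middleware classes added to the `withoutMiddleware()` list need matching `use` imports, and those are not visible in this chunk — the hunk header counts two further added lines that are not shown, so presumably they are the imports, but it is worth confirming, because `::class` on an unimported name silently resolves to a string in the current namespace and the exclusion would then be a no-op with no error raised. Since CSRF validation is deliberately skipped on this route (browser-sent report POSTs carry no token), the `throttle:` limit on the context line is the only request gate left, and a one-line comment saying so, `// Browser report POSTs carry no CSRF token; the throttle is the remaining guard.`, would stop a later maintainer from "fixing" the exclusion. The route definition this chain belongs to begins outside the hunk.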
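Review bot: Moving `effectiveDirective` and `blockedURL` out of the context array into the interpolated message drops them as structured fields, so a JSON formatter or log-search query can no longer filter on them as keys — and both values originate from the browser-submitted report, i.e. from a sender the application does not control. Keeping them in context alongside the readable message costs two lines before `'page'`: `'directive' => $report->body->effectiveDirective,` and `'url' => $report->body->blockedURL,`. The same point applies to the `LogReport` hunk below, where `type` and `url` leave the context array. Whether newlines or control characters in a submitted `blockedURL` are neutralised in the written line depends on the channel's formatter, which is not visible here. `handle()` starts above the hunk.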
@@ -26,7 +26,9 @@ public function test_logs_warning_for_csp_violation(): void
 (new LogCspViolation)->handle($event);
- $spy->shouldHaveReceived('warning')->once();
+ $spy->shouldHaveReceived('warning')
+ ->once()
+ ->with('CSP violation: script-src blocked https://evil.example/script.js', ['page' => 'https://example.test/page']);
 }
 public function test_skips_logging_when_excluded(): void
diff --git a/tests/Unit/Listeners/LogReportTest.php b/tests/Unit/Listeners/LogReportTest.php
index e7ca09f..4f679df 100644
--- a/tests/Unit/Listeners/LogReportTest.php
+++ b/tests/Unit/Listeners/LogReportTest.php
@@ -26,7 +26,9 @@ public function test_logs_info_for_any_report(): void
 (new LogReport)->handle($event);
- $spy->shouldHaveReceived('info')->once();
+ $spy->shouldHaveReceived('info')
+ ->once()
+ ->with('deprecation report received at https://example.test/page', \Mockery::type('array'));
 }
 public function test_skips_logging_when_excluded(): void
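Review bot: `\Mockery::type('array')` only checks that some array was passed, so this test does not verify that the raw report is attached under the `report` key — which is the field an analyst would actually rely on when reading the log. Tightening it to `\Mockery::on(fn (array $ctx): bool => ($ctx['report'] ?? null) === <RAW_REPORT_FIXTURE>)` keeps the assertion meaningful; the fixture value presumably comes from the test's setup above the hunk, which is outside this chunk. The companion `LogCspViolationTest` hunk pins its context array exactly, so the two tests could be held to the same standard.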