docs: strict CSP, Sentry report-uri config

cal-itp · Apr 13, 2023 · 6a22665 · 6a22665
1 parent 2faabec
commit 6a22665
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/docs/configuration/content-security-policy.md b/docs/configuration/content-security-policy.md
@@ -10,6 +10,10 @@
 > With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against
 > cross-site scripting attacks
 
+!!! warning "Strict CSP"
+
+    Benefits configures a Strict Content Security Policy. Read more about Strict CSP from Google: <https://csp.withgoogle.com/docs/strict-csp.html>.
+
 ## `django-csp`
 
 !!! tldr "django-csp docs"

diff --git a/docs/configuration/environment-variables.md b/docs/configuration/environment-variables.md
@@ -177,5 +177,13 @@ Enables [sending events to Sentry](../../deployment/troubleshooting/#error-monit
 
 Segments errors by which deployment they occur in. This defaults to `local`, and can be set to match one of the [environment names](../../deployment/infrastructure/#environments).
 
+### `SENTRY_REPORT_URI`
+
+!!! tldr "Sentry docs"
+
+    [Security Policy Reporting](https://docs.sentry.io/product/security-policy-reporting/)
+
+Collect information on Content-Security-Policy (CSP) violations. Read more about [CSP configuration in Benefits](./content-security-policy.md).
+
 [app-service-config]: https://docs.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal
 [getting-started_create-env]: ../getting-started/README.md#create-an-environment-file