<?php
/**
* csp-report.php
*
* Content Security Policy report tool
*
* Copyright 2016 Edwin Martin
*
* License: MIT
*
*/
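/* Start config, edit the lines below */
/* First create an incoming webhook here: https://api.slack.com/incoming-webhooks */
/* Replace $webhookUrl with your webhook url. Treat it as a secret: whoever */
/* holds it can post into your workspace, so keep real values out of version control. */
$webhookUrl = "https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXX";
/* Replace with your @username or #channel */
$channel = "@edwin";
/* Largest request body (in bytes) that is accepted as a report */
$maxBodyBytes = 16384;
/* Longest single field value (in bytes) that is forwarded to Slack */
$maxFieldBytes = 1024;
/* End config */

/*
 * This endpoint is unauthenticated by design: browsers POST violation reports
 * to it without credentials. Every field of the report, and the User-Agent
 * header, is therefore untrusted input. Rate limiting is not done here and
 * belongs in the web server or a proxy in front of this script.
 */

// Read at most one byte more than the limit so oversized bodies are detected
// without buffering them completely.
$rawBody = file_get_contents('php://input', false, null, 0, $maxBodyBytes + 1);
if ($rawBody !== false && strlen($rawBody) > $maxBodyBytes) {
    http_response_code(413);
    die;
}

$data = json_decode((string) $rawBody, true);
if (!is_array($data) || count($data) === 0) {
    // No usable JSON body (e.g. someone opened the URL in a browser): show the info page.
    echo "<h1>Content Security Policy report tool</h1>\n";
    echo "<p>See <a href='https://github.com/edwinm/csp-report'>csp-report repository</a></p>\n";
    die;
}

if (!isset($data["csp-report"]) || !is_array($data["csp-report"])) {
    // JSON was sent, but it is not shaped like a CSP report.
    http_response_code(400);
    die;
}
$data = $data["csp-report"];

/*
 * Turns an untrusted value into text that is safe to place in a Slack message:
 * - non-scalar values are JSON-encoded instead of being cast to "Array",
 * - the value is capped at $maxFieldBytes,
 * - &, < and > are escaped, because Slack treats <...> sequences as links and
 *   mentions, which a forged report could otherwise use to ping the channel or
 *   present a misleading link.
 */
$slackText = function ($value) use ($maxFieldBytes) {
    if (!is_scalar($value)) {
        $value = json_encode($value);
    }
    $value = (string) $value;
    if (strlen($value) > $maxFieldBytes) {
        $value = substr($value, 0, $maxFieldBytes) . "...";
    }
    return str_replace(array('&', '<', '>'), array('&amp;', '&lt;', '&gt;'), $value);
};

$report = "";
$documentUri = "";
$violatedDirective = "";

foreach ($data as $directive => $value) {
    switch ($directive) {
        case "document-uri":
            $documentUri = $slackText($value);
            break;

        case "violated-directive":
            $violatedDirective = $slackText($value);
            break;

        default:
            // The key is attacker-controlled as well, so it is escaped like the value.
            $report .= "*" . $slackText($directive) . "*:\n" . $slackText($value) . "\n";
            break;
    }
}

// The header is absent for some clients; do not raise a notice in that case.
$userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "(none)";
$report .= "*(user-agent)*\n" . $slackText($userAgent) . "\n";

/*
 * Build the payload as a PHP array and let json_encode() do the quoting.
 * Interpolating report values into a hand-written JSON string would let a
 * report containing a double quote break out of the "text" value and add or
 * override payload keys such as "channel".
 */
$payload = array(
    "text" => "*Content Security Policy report*",
    "channel" => $channel,
    "attachments" => array(
        array(
            "text" => "*document-uri*:\n$documentUri\n*violated-directive*:\n$violatedDirective\n$report",
            "color" => "#7CD197",
            "mrkdwn_in" => array("text", "pretext"),
        ),
    ),
);

// Truncation or a raw User-Agent can leave invalid UTF-8 behind; substitute it
// where the running PHP version supports that instead of failing the encode.
$jsonFlags = defined('JSON_INVALID_UTF8_SUBSTITUTE') ? constant('JSON_INVALID_UTF8_SUBSTITUTE') : 0;
$dataString = json_encode($payload, $jsonFlags);
if ($dataString === false) {
    error_log("csp-report: could not encode Slack payload: " . json_last_error_msg());
    http_response_code(400);
    die;
}

$ch = curl_init($webhookUrl);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $dataString);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Bound the time a single report can hold a PHP worker while Slack is slow.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'Content-Length: ' . strlen($dataString),
));

$result = curl_exec($ch);
if ($result === false) {
    // Log the cURL error only; the webhook URL is a secret and stays out of the log.
    error_log("csp-report: delivery to Slack failed: " . curl_error($ch));
}
curl_close($ch);

// The reporting browser ignores the response body; delivery status is not disclosed to it.
http_response_code(204);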