add support for Network Error Logging(NEL)? #393

Open
komuw opened this issue Nov 10, 2023 · 3 comments


komuw commented Nov 10, 2023

NEL is a browser-based technology used to quickly identify problems with site visitors connecting to your server.
Browsers/clients can send details of any errors encountered by users to a predetermined URL.

It is not supported by all clients/browsers: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/NEL#browser_compatibility
Particularly, Mozilla does not.


komuw commented Nov 10, 2023

Maybe this does not belong to ong and instead belongs to end user applications.


komuw commented Jan 22, 2024

Is there some security/auth protection? What prevents random people from calling your NEL url and posting bogus errors?


komuw commented Jul 22, 2024

The Report-To http response header.

Report-To: {"group": "my_reporting_group", 
            "max_age": 2592000, 
            "endpoints": [{"url": "https://example.com/upload-reports"}]}

The NEL http response header:

NEL: { "report_to": "my_reporting_group", 
        "max_age": 12345, 
        "include_subdomains": true, 
        "success_fraction": 0.0, 
        "failure_fraction": 1.0 }

  • report_to is required. It is the name of a group from the Report-To HTTP response header.
  • max_age is required. It should be a positive integer, in seconds. A value of 0 will cause any NEL policy for that origin to be removed.
  • success_fraction is optional. It should be 0.0 - 1.0. It defines the sampling rate for successful network requests.
  • failure_fraction: this one is for failures.
  • request_headers is optional, a list of strings: request headers whose names and values will be included in network error reports.
  • response_headers is optional, a list of strings: response headers whose names and values will be included in network error reports.

TODO: I think we should add Ong-logID to response_headers so that the NEL header looks like

NEL: { "report_to": "my_reporting_group", "response_headers": ["Ong-logID"] ...... }

This way, we are able to correlate any network error reports with their corresponding logIDs(if any).
This means that we would also need to have ong-logid in the response HTTP headers in ong/middleware. We already have that:

ong/middleware/trace.go

Lines 29 to 30 in 32140f7

r.Header.Set(logIDKey, logID)
w.Header().Set(logIDKey, logID)

This one:

NEL: {"max_age": 0}

instructs the user agent to remove any existing NEL policy for the domain.

Example network error report:

{
  "age": 163,
  "type": "network-error",
  "url": "https://widget.com/thing.js",
  "body": {
    "sampling_fraction": 1.0,
    "referrer": "https://www.example.com/",
    "server_ip": "",
    "protocol": "",
    "method": "GET",
    "request_headers": {},
    "response_headers": {},
    "status_code": 0,
    "elapsed_time": 143,
    "phase": "dns",
    "type": "dns.name_not_resolved"
  }
}

The report indicates that the user agent attempted to fetch https://widget.com/thing.js from https://www.example.com/.
However, the user agent was unable to resolve the DNS name and the request was aborted by the user agent after 143 milliseconds.
The report was submitted 163 seconds after the error was encountered.

The type of network error can be:

  • dns.unreachable The user's DNS server is unreachable
  • dns.name_not_resolved The user's DNS server responded but was unable to resolve an IP address for the requested URI.
  • dns.failed Request to the DNS server failed due to reasons not covered by previous errors (e.g. SERVFAIL)
  • dns.address_changed For security reasons, if the server IP address that delivered the original report is different to the current server IP address at time of error generation
  • tcp.timed_out TCP connection to the server timed out
  • tcp.closed The TCP connection was closed by the server
  • tcp.reset The TCP connection was reset
  • tcp.refused The TCP connection was refused by the server
  • tcp.aborted The TCP connection was aborted
  • tcp.address_invalid The IP address is invalid
  • tcp.address_unreachable The IP address is unreachable
  • tcp.failed The TCP connection failed due to reasons not covered by previous errors
  • http.error The user agent successfully received a response, but it had a 4xx or 5xx status code
  • http.protocol.error The connection was aborted due to an HTTP protocol error
  • http.response.invalid Response is empty, has a content-length mismatch, has improper encoding, and/or other conditions that prevent user agent from processing the response
  • http.response.redirect_loop The request was aborted due to a detected redirect loop
  • http.failed The connection failed due to errors in HTTP protocol not covered by previous errors
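
An added example (not code from ong or from the issue author) of a collector for the reports described above: it treats each upload as untrusted input, keeps only well-formed `network-error` reports for one host, and maps the `Ong-logID` found in `response_headers` to the reported error type. The names `report` and `correlate`, the 64 KiB cap and the `host` argument are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/url"
	"strings"
)

// report holds the fields of a network error report that the collector checks.
type report struct {
	Type, URL string
	Body      struct {
		ResponseHeaders map[string][]string `json:"response_headers"`
		Phase, Type     string
	}
}

// correlate decodes an untrusted upload (a JSON array of reports) and maps each
// reported Ong-logID to its NEL error type, for well-formed reports about host.
func correlate(r io.Reader, host string) (map[string]string, error) {
	var batch []report
	// Only the first 64 KiB (assumed limit) are read; a longer array fails to decode.
	if err := json.NewDecoder(io.LimitReader(r, 64<<10)).Decode(&batch); err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, rep := range batch {
		u, err := url.Parse(rep.URL)
		p := rep.Body.Phase
		if err != nil || u.Host != host || rep.Type != "network-error" ||
			(p != "dns" && p != "connection" && p != "application") {
			continue // not a network error report for our host
		}
		for name, vals := range rep.Body.ResponseHeaders {
			// The value is client-supplied: use it only as a key to look up real logs.
			if strings.EqualFold(name, "Ong-logID") && len(vals) > 0 {
				out[vals[0]] = rep.Body.Type
			}
		}
	}
	return out, nil
}

func main() { // constructed sample upload, not a captured report
	sample := `[{"type":"network-error","url":"https://example.com/a","body":{"phase":"application","type":"http.error","response_headers":{"Ong-logID":["abc123"]}}}]`
	fmt.Println(correlate(strings.NewReader(sample), "example.com"))
}
```

A log ID returned here is only a claim made by the client; it becomes useful once it matches an entry the server itself logged.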
