A simple application to send CSP violation reports to an email address
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
 
 
bn4t 2b2ef39bd9 update example config vor 4 Monaten
configs update example config vor 4 Monaten
init rework csp-handler vor 4 Monaten
.gitignore rework csp-handler vor 4 Monaten
LICENSE add license vor 1 Jahr
Makefile rework csp-handler vor 4 Monaten
README.md fix typo vor 4 Monaten
config.go rework csp-handler vor 4 Monaten
csp-handler.go rework csp-handler vor 4 Monaten
go.mod rework csp-handler vor 4 Monaten
go.sum rework csp-handler vor 4 Monaten
mail.go rework csp-handler vor 4 Monaten
main.go rework csp-handler vor 4 Monaten
rateLimit.go rework csp-handler vor 4 Monaten

README.md

CSP-Handler

A simple application to send CSP violation reports to an email address

Important

CSP-Handler needs to be behind a reverse proxy which forwards either the X-Forwarded-For or X-Real-IP header, otherwise rate limiting won’t work.

Installation

  1. Install golang (>=1.14) and GNU make if you don’t have them already
  2. Clone the repository: git clone https://git.bn4t.me/bn4t/csp-handler.git
  3. Checkout the latest stable tag
  4. Run make build to build the csp-handler binary
  5. Run sudo make install to install csp-handler on your system. This will create the directory /etc/csp-handler (config directory). Additionally the user csp-handler will be created.
  6. If you have systemd installed you can run sudo make install-systemd to install the systemd service. Run service csp-handler start to start the csp-handler service. Csp-handler will automatically run as the csp-handler user.

Make sure you edit the config located at /etc/csp-handler/config.toml before running the service.

Command line flags

  • -config <config file> - The location of the config file to use. Defaults to config.toml in the working directory.

Deinstallation

Run sudo make uninstall to uninstall csp-handler. This will remove /etc/csp-handler if the directory is empty.

Run sudo make uninstall-systemd to remove the systemd service.

Usage

Include the report-uri directive in your content security policy:

report-uri https://csp-report.example.com/report-uri/mydomain.com

Replace csp-report.example.com with the domain on which csp-report is deployed and mydomain.com with the domain on which the content security policy is deployed.

License

GPLv3