dkam/clinch
1
0
Fork 0
Code Issues 2 Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix CSP reporting endpoitn. Fix the SER for CSP
Some checks failed
CI / scan_ruby (push) Has been cancelled
Details
CI / scan_js (push) Has been cancelled
Details
CI / lint (push) Has been cancelled
Details
CI / test (push) Has been cancelled
Details
CI / system-test (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Dan Milne
2025-11-04 23:22:15 +11:00
parent 6049429a41
commit 631b2b53bb
3 changed files with 14 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/initializers/content_security_policy.rb
View File

@@ -53,7 +53,7 @@ Rails.application.configure do
# Additional security headers for WebAuthn # Additional security headers for WebAuthn
# Required for WebAuthn to work properly # Required for WebAuthn to work properly
policy.require_trusted_types_for :none policy.require_trusted_types_for :none
policy.report_uri = "/api/csp-violation-report" policy.report_uri "/api/csp-violation-report"
end end
# Start with CSP in report-only mode for testing # Start with CSP in report-only mode for testing

16
config/initializers/csp_local_logger.rb
View File

@@ -4,10 +4,14 @@
Rails.application.config.after_initialize do Rails.application.config.after_initialize do
# Create a dedicated logger for CSP violations # Create a dedicated logger for CSP violations
csp_log_path = Rails.root.join("log", "csp_violations.log") csp_log_path = Rails.root.join("log", "csp_violations.log")
csp_logger = Logger.new(csp_log_path)
# Rotate logs daily, keep 30 days # Configure log rotation
csp_logger.keep = 30 csp_logger = Logger.new(
csp_log_path,
'daily', # Rotate daily
30 # Keep 30 old log files
)
csp_logger.level = Logger::INFO csp_logger.level = Logger::INFO
# Format: [TIMESTAMP] LEVEL MESSAGE # Format: [TIMESTAMP] LEVEL MESSAGE
@@ -16,8 +20,8 @@ Rails.application.config.after_initialize do
end end
module CspViolationLocalLogger module CspViolationLocalLogger
def self.emit(event_data) def self.emit(event)
csp_data = event_data[:data] || {} csp_data = event[:payload] || {}
# Build a structured log message # Build a structured log message
violated_directive = csp_data[:violated_directive] || "unknown" violated_directive = csp_data[:violated_directive] || "unknown"
@@ -83,7 +87,7 @@ Rails.application.config.after_initialize do
end end
# Register the local logger subscriber # Register the local logger subscriber
Rails.event.subscribe("csp.violation", CspViolationLocalLogger) Rails.event.subscribe(CspViolationLocalLogger)
Rails.logger.info "CSP violation local logger registered - logging to: #{csp_log_path}" Rails.logger.info "CSP violation local logger registered - logging to: #{csp_log_path}"

6
config/initializers/sentry_subscriber.rb
View File

@@ -6,9 +6,9 @@ Rails.application.config.after_initialize do
if defined?(Sentry) && Sentry.initialized? if defined?(Sentry) && Sentry.initialized?
module CspViolationSentrySubscriber module CspViolationSentrySubscriber
def self.emit(event_data) def self.emit(event)
# Extract relevant CSP violation data # Extract relevant CSP violation data
csp_data = event_data[:data] || {} csp_data = event[:payload] || {}
# Build a descriptive message for Sentry # Build a descriptive message for Sentry
violated_directive = csp_data[:violated_directive] violated_directive = csp_data[:violated_directive]
@@ -111,7 +111,7 @@ Rails.application.config.after_initialize do
end end
# Register the subscriber for CSP violation events # Register the subscriber for CSP violation events
Rails.event.subscribe("csp.violation", CspViolationSentrySubscriber) Rails.event.subscribe(CspViolationSentrySubscriber)
Rails.logger.info "CSP violation Sentry subscriber registered" Rails.logger.info "CSP violation Sentry subscriber registered"
else else