From 8e0b2c28eb236b760b94f5415be4d7ba60ccabbf Mon Sep 17 00:00:00 2001 From: Dan Milne Date: Sat, 8 Nov 2025 20:01:07 +1100 Subject: [PATCH] CSP fixes --- config/initializers/csp_local_logger.rb | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/config/initializers/csp_local_logger.rb b/config/initializers/csp_local_logger.rb index f11d937..cb0032f 100644 --- a/config/initializers/csp_local_logger.rb +++ b/config/initializers/csp_local_logger.rb @@ -59,7 +59,7 @@ Rails.application.config.after_initialize do # Determine severity for log level level = determine_log_level(csp_data[:violated_directive]) - csp_logger.log(level, log_message) + self.csp_logger.log(level, log_message) # Also log to main Rails logger for visibility Rails.logger.info "CSP violation logged to csp_violations.log: #{violated_directive} - #{blocked_uri}" @@ -70,6 +70,22 @@ Rails.application.config.after_initialize do Rails.logger.error e.backtrace.join("\n") if Rails.env.development? end + def self.csp_logger + @csp_logger ||= begin + csp_log_path = Rails.root.join("log", "csp_violations.log") + logger = Logger.new( + csp_log_path, + 'daily', # Rotate daily + 30 # Keep 30 old log files + ) + logger.level = Logger::INFO + logger.formatter = proc do |severity, datetime, progname, msg| + "[#{datetime.strftime('%Y-%m-%d %H:%M:%S')}] #{severity} #{msg}\n" + end + logger + end + end + private def self.determine_log_level(violated_directive)
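Review bot: The formatter added in `self.csp_logger` writes `msg` into the log line unchanged, so a carriage return or line feed inside a report field would let a single CSP report show up as several separate entries in csp_violations.log. How `log_message` is built is outside these hunks, but the first hunk's context line interpolates `violated_directive` and `blocked_uri` into a log string, and those values presumably come from whatever client posts the report. I would neutralise line breaks in the formatter itself, e.g. `"[#{datetime.strftime('%Y-%m-%d %H:%M:%S')}] #{severity} #{msg.to_s.gsub(/[\r\n]+/, ' ')}\n"`, and the `Rails.logger.info` line in the first hunk would benefit from the same treatment. Rotation is by age only (`'daily'`, 30 files), so if the report endpoint is not rate-limited, the size of one day's file is unbounded. The enclosing `after_initialize` block starts and ends outside the hunk.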