csp-report-to is a simple PHP application designed to handle Content Security Policy (CSP) violation reports sent through the `report-uri` directive or the `report-to` directive/header.

Content Security Policy (CSP) is a web security standard that helps prevent various types of attacks such as Cross-Site Scripting (XSS). When a CSP policy is violated, the browser sends a report to a specified endpoint, and csp-report-to serves as an endpoint for handling these reports.
- Clone the Repository:

  ```bash
  git clone https://github.com/your-username/csp-report-to.git
  cd csp-report-to
  ```

- Configure Database:
  - Create a PostgreSQL database (use the steps in the `.sql/` directory).
  - Update the `.config.php` file with your database connection details.

- Run the Application:
  - Deploy the csp-report-to PHP application on a web server with PHP support.

- Set Up `report-uri` or `report-to` Header in Your Application:
  - Update your CSP header to include the `report-uri` or `report-to` directive, pointing to the csp-report-to endpoint.

  Example with `report-uri`:

  ```
  Content-Security-Policy: default-src 'self'; report-uri /csp-report-to
  ```

  Example with `report-to`:

  ```
  Report-To: {"group":"csp-endpoint","max_age":31536000,"endpoints":[{"url":"/csp-report-to"}],"include_subdomains":true}
  ```

  The `Report-To` header only declares the endpoint group; the CSP header itself must reference that group (`report-to csp-endpoint`) for the browser to deliver violation reports to it.
PHP 7+ should work fine. You'll just need to enable PDO for PostgreSQL in your `php.ini`:

```ini
extension=pdo_pgsql
```
Create the `.config.php` file to set up your PostgreSQL database connection details:

```php
<?php
$config = [
    'host'     => 'your_database_host',
    'port'     => 'your_database_port',
    'dbname'   => 'your_database_name',
    'user'     => 'your_database_user',
    'password' => 'your_database_password',
];
```
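As an added example (not csp-report-to's own code), the following shows how an endpoint like this one can accept both report shapes the browser may send, the legacy `report-uri` body (`{"csp-report":{...}}`) and the Reporting API `report-to` body (a JSON array of `{"type":"csp-violation","body":{...}}` items), reduce each to a fixed set of length-capped fields, and store them through a prepared statement. The `csp_reports` table, its column names, the `KEY_MAP` constant and the function names are assumptions; `$pdo` is the PDO connection you would build from `.config.php`.

```php
<?php
// Added example, not csp-report-to's own code: normalise both report shapes the endpoint can
// receive (report-uri: {"csp-report":{...}}; report-to: [{"type":"csp-violation","body":{...}}])
// into one record and store it with a prepared statement; csp_reports table/columns are assumed.
const KEY_MAP = [ // target column => source keys (legacy report-uri names, then Reporting API names)
    'document_uri'        => ['document-uri', 'documentURL'],
    'blocked_uri'         => ['blocked-uri', 'blockedURL'],
    'effective_directive' => ['effective-directive', 'effectiveDirective', 'violated-directive'],
    'original_policy'     => ['original-policy', 'originalPolicy'],
    'disposition'         => ['disposition'],
];
/** Copy known keys only, as length-capped strings, so the DB never stores arbitrary JSON. */
function pickFields(array $raw): array
{
    $rec = [];
    foreach (KEY_MAP as $col => $sources) {
        $rec[$col] = '';
        foreach ($sources as $src) {
            if (isset($raw[$src]) && is_scalar($raw[$src])) {
                $rec[$col] = substr((string) $raw[$src], 0, 4096);
                break;
            }
        }
    }
    return $rec;
}
/** Records from a raw request body; throws JsonException on malformed JSON (answer with 400). */
function normaliseCspReports(string $body): array
{
    $data = json_decode($body, true, 16, JSON_THROW_ON_ERROR);
    if (isset($data['csp-report']) && is_array($data['csp-report'])) {
        return [pickFields($data['csp-report'])];                  // report-uri format
    }
    $out = [];
    foreach (is_array($data) ? $data : [] as $item) {               // report-to format
        if (is_array($item) && ($item['type'] ?? null) === 'csp-violation' && is_array($item['body'] ?? null)) {
            $out[] = pickFields($item['body']);
        }
    }
    return $out;
}
/** Insert every record with bound parameters; returns the number of rows written. */
function storeReports(PDO $pdo, array $records): int
{
    $stmt = $pdo->prepare('INSERT INTO csp_reports (document_uri, blocked_uri, effective_directive,'
        . ' original_policy, disposition) VALUES (:document_uri, :blocked_uri, :effective_directive,'
        . ' :original_policy, :disposition)');
    foreach ($records as $rec) {
        $stmt->execute($rec);
    }
    return count($records);
}
```

In the request handler, wrap `normaliseCspReports(file_get_contents('php://input'))` in a `try` that answers 400 on `JsonException`, then pass the result to `storeReports`; reports are unauthenticated browser input, so keep the field whitelist and length caps even if you add more columns.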