Catch data from CSP: report-uri
#1

Hi guys, how can I catch the data from CSP report-uri? I already activated it in the App config and set the report URL in ContentSecurityPolicy.php like this:
 
Code:
// Path the browser POSTs CSP violation reports to; must match a route (see Routes.php below).
public $reportURI = '/csp-violation-report-endpoint';
at my Route.php I already define it like this:
Code:
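// User agents always POST violation reports; add() would also expose the handler
// on GET and every other verb, so register it for POST only.
$routes->post('csp-violation-report-endpoint', 'Home::csp');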

And my controller like this:

    public function csp()
    {
        log_message('info', 'CSP violation trigerred');
        $json_data = file_get_contents('php://input');

        $json_data = json_encode($json_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
        $current_domain = preg_replace('/www\./i', '', $_SERVER['SERVER_NAME']);
        $message = "The following Content-Security-Policy violation occurred on " .
            $current_domain . ":\n\n" .
            $json_data .
            "\n\nFurther CPS violations will be logged to the following log file, but no further email notifications will be sent until this log file is deleted:\n\n";

        log_message('error', $message);
    }
But I don't get anything. Is something wrong, or did I miss something here? Thanks.
#2

Use the IncomingRequest to get the data.
#3

Yeah, I can give it a try, but the problem is that it doesn't even trigger although there are CSP violations. Any idea what could cause it? Thanks.
#4

(This post was last modified: 06-29-2022, 12:13 AM by kenjis.)

It seems your code should work.

My Config:
Code:
diff --git a/app/Config/App.php b/app/Config/App.php
index 1a5e562dd..03e8eb649 100644
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -461,5 +461,5 @@ class App extends BaseConfig
      *
      * @var bool
      */
-    public $CSPEnabled = false;
+    public $CSPEnabled = true;
}
diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php
index aa18ba9f1..3d863a634 100644
--- a/app/Config/ContentSecurityPolicy.php
+++ b/app/Config/ContentSecurityPolicy.php
@@ -32,7 +32,7 @@ class ContentSecurityPolicy extends BaseConfig
      *
      * @var string|null
      */
-    public $reportURI;
+    public $reportURI = '/csp-report';

    /**
      * Instructs user agents to rewrite URL schemes, changing
diff --git a/app/Config/Routes.php b/app/Config/Routes.php
index ff2ac645c..9d0907edc 100644
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -37,6 +37,8 @@ $routes->set404Override();
// route since we don't have to scan directories.
$routes->get('/', 'Home::index');

+$routes->post('csp-report', 'CspReport::index');
+
/*
  * --------------------------------------------------------------------
  * Additional Routing
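Review bot: The added `$routes->post('csp-report', 'CspReport::index');` will never reach the controller if the CSRF filter is enabled globally in Config\Filters, because the browser sends the violation report without a CSRF token and the filter rejects the POST before the controller runs; that would match the symptom in #3 and #5 of nothing being logged. If that is the case, exclude the path in the filter config, e.g. `'csrf' => ['except' => ['csp-report']]`. A short comment on the route, `// CSP report-uri endpoint: unauthenticated POST from the browser, no CSRF token`, would also save the next reader that diagnosis.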

And controller:

PHP Code:
<?php

namespace App\Controllers;

use 
CodeIgniter\I18n\Time;
use 
stdClass;

class 
CspReport extends BaseController
{
    private string $logfile WRITEPATH 'logs/csp-report.log';

    public function index()
    {
        $log $this->createLogEntry();

        $this->addRequestHeaders($log);
        $this->addCspReport($log);
        $this->writeToLogfile($log);

        return $this->response->setStatusCode(204);
    }

    private function createLogEntry(): stdClass
    
{
        $log = new stdClass();

        $log->date Time::now()->format('Y-m-d H:i:s');

        return $log;
    }

    private function addRequestHeaders(stdClass $log): void
    
{
        foreach ($this->request->headers() as $name => $value) {
            $log->headers[$name] = (string) $value;
        }
    }

    private function addCspReport(stdClass $log): void
    
{
        /** @var stdClass|null $report */
        $report $this->request->getJSON();

        if ($report !== null && json_last_error() === JSON_ERROR_NONE) {
            $log->{'csp-report'} = $report->{'csp-report'};
        }
    }

    private function writeToLogfile(stdClass $log): void
    
{
        /** @var string $json */
        $json json_encode($logJSON_PRETTY_PRINT JSON_UNESCAPED_SLASHES);

        file_put_contents($this->logfile$json "\n"LOCK_EX FILE_APPEND);
    }

#5

Hi, thanks for your reply. I followed all your code but it still doesn't work. I get this error in my console, but I still don't see any log: https://ibb.co/zHggzmt
#6

Thank you for the information here!



