Catch data from CSP: report-uri

Hi guys, how can I catch the data from CSP: report-uri? I already activated it in the config App and set the report URL in ContentSecurityPolicy.php like this:
public $reportURI = '/csp-violation-report-endpoint';
In my Route.php I already defined it like this:
$routes->add('csp-violation-report-endpoint', 'Home::csp');

And my controller like this:

    public function csp()
    {
        log_message('info', 'CSP violation triggered');
        // Raw request body: the JSON report posted by the browser.
        $json_data = file_get_contents('php://input');

        // Decode first so the report is pretty-printed instead of being
        // re-encoded as a single escaped string.
        $json_data = json_encode(json_decode($json_data), JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
        $current_domain = preg_replace('/www\./i', '', $_SERVER['SERVER_NAME']);
        $message = "The following Content-Security-Policy violation occurred on " .
            $current_domain . ":\n\n" .
            $json_data .
            "\n\nFurther CSP violations will be logged to the following log file, but no further email notifications will be sent until this log file is deleted:\n\n";

        log_message('error', $message);
    }
But I don't get anything. Is something wrong, or did I miss something here? Thanks.

Use the IncomingRequest to get the data.

Yeah, I can give it a try, but the problem is it doesn't even trigger although there's some CSP violation. Any idea what can cause it? Thanks.

(This post was last modified: 06-29-2022, 12:13 AM by kenjis.)

It seems your code should work.

My Config:
diff --git a/app/Config/App.php b/app/Config/App.php
index 1a5e562dd..03e8eb649 100644
--- a/app/Config/App.php
+++ b/app/Config/App.php
@@ -461,5 +461,5 @@ class App extends BaseConfig
      * @var bool
-    public $CSPEnabled = false;
+    public $CSPEnabled = true;
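Review bot: `$CSPEnabled = true` in App.php turns the policy on for every response, and unless ContentSecurityPolicy.php also sets `$reportOnly`, the policy is enforced from the first request, so pages can break before any report has been read. If the aim is to collect violations first, set `$reportOnly = true` together with this change and switch it off once the report log is clean.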
diff --git a/app/Config/ContentSecurityPolicy.php b/app/Config/ContentSecurityPolicy.php
index aa18ba9f1..3d863a634 100644
--- a/app/Config/ContentSecurityPolicy.php
+++ b/app/Config/ContentSecurityPolicy.php
@@ -32,7 +32,7 @@ class ContentSecurityPolicy extends BaseConfig
      * @var string|null
-    public $reportURI;
+    public $reportURI = '/csp-report';

      * Instructs user agents to rewrite URL schemes, changing
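Review bot: `'/csp-report'` on the `$reportURI` line is a root-relative path, so the browser resolves it against the site origin rather than the application's base URL. It reaches the `csp-report` route only when the app is served from the web root; with the app in a subdirectory the report is posted to a path the router never sees. Say so in a comment next to the value, or give the full URL of the endpoint.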
diff --git a/app/Config/Routes.php b/app/Config/Routes.php
index ff2ac645c..9d0907edc 100644
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -37,6 +37,8 @@ $routes->set404Override();
// route since we don't have to scan directories.
$routes->get('/', 'Home::index');

+$routes->post('csp-report', 'CspReport::index');
  * --------------------------------------------------------------------
  * Additional Routing
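Review bot: the added `$routes->post('csp-report', 'CspReport::index')` line receives a POST that the browser sends on its own, with no CSRF token, so if the CSRF filter is enabled globally in Config/Filters.php the report is rejected before `CspReport::index` runs. Add `csp-report` to that filter's `except` list as part of this change. The route is also open to any sender, so the controller behind it should limit what it writes to the log.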

And controller:

PHP Code:

<?php

namespace App\Controllers;

use CodeIgniter\I18n\Time;
use stdClass;

class CspReport extends BaseController
{
    private string $logfile = WRITEPATH . 'logs/csp-report.log';

    // Receives the browser's violation report and answers 204 No Content.
    public function index()
    {
        $log = $this->createLogEntry();

        $this->addRequestHeaders($log);
        $this->addCspReport($log);

        $this->writeToLogfile($log);

        return $this->response->setStatusCode(204);
    }

    private function createLogEntry(): stdClass
    {
        $log = new stdClass();

        $log->date = Time::now()->format('Y-m-d H:i:s');

        return $log;
    }

    // Copies every request header into the log entry.
    private function addRequestHeaders(stdClass $log): void
    {
        foreach ($this->request->headers() as $name => $value) {
            $log->headers[$name] = (string) $value;
        }
    }

    // Adds the "csp-report" object from the JSON body, if the body decoded.
    private function addCspReport(stdClass $log): void
    {
        /** @var stdClass|null $report */
        $report = $this->request->getJSON();

        if ($report !== null && json_last_error() === JSON_ERROR_NONE) {
            $log->{'csp-report'} = $report->{'csp-report'};
        }
    }

    // Appends the entry as pretty-printed JSON, holding an exclusive lock.
    private function writeToLogfile(stdClass $log): void
    {
        /** @var string $json */
        $json = json_encode($log, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);

        file_put_contents($this->logfile, $json . "\n", LOCK_EX | FILE_APPEND);
    }
}

Hi, thanks for your reply. I followed all your code but it still doesn't work. I got this error in my console, but I still don't see any log: https://ibb.co/zHggzmt

Thank you for the information here!
