Handling CSP Violations
Handling CSP Violations
Implementing violation reporting provides crucial insights:
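// CSP violation report handler (legacy `report-uri` format).
//
// Browsers POST a JSON body of the form { "csp-report": { ... } } with
// Content-Type: application/csp-report. The endpoint is unauthenticated and
// every value in the body is attacker-controllable, so the handler checks the
// shape, keeps only the report fields it knows about, and bounds their size
// before anything is logged or stored.
//
// NOTE(review): reports delivered through the newer Reporting API
// (`report-to`) use application/reports+json and a different body shape; this
// route does not parse them.
// NOTE(review): anyone can post here, so consider a rate limit and a smaller
// express.json `limit` for this route (neither is configured in this snippet).

/**
 * Copy the known CSP report fields out of an untrusted report object.
 *
 * Only string values (truncated) and finite numbers are kept; unknown keys,
 * nested objects and arrays are dropped so that arbitrary client-supplied
 * structure never reaches the log or the database.
 *
 * @param {object} report - The parsed `csp-report` member of the request body.
 * @returns {object} A new object holding only the allowlisted fields.
 */
function sanitizeCspReport(report) {
  const MAX_FIELD_LENGTH = 2048;
  const KNOWN_FIELDS = [
    'document-uri',
    'referrer',
    'blocked-uri',
    'violated-directive',
    'effective-directive',
    'original-policy',
    'disposition',
    'status-code',
    'script-sample',
    'source-file',
    'line-number',
    'column-number',
  ];

  const clean = {};
  for (const field of KNOWN_FIELDS) {
    const value = report[field];
    if (typeof value === 'string') {
      clean[field] = value.slice(0, MAX_FIELD_LENGTH);
    } else if (typeof value === 'number' && Number.isFinite(value)) {
      clean[field] = value;
    }
  }
  return clean;
}

app.post(
  '/csp-violation-report-endpoint',
  express.json({ type: 'application/csp-report' }),
  async (req, res) => {
    // A missing body, a wrong content type or a hand-crafted request leaves
    // `csp-report` absent or non-object; reject it instead of throwing a
    // TypeError on the property reads below.
    const report = req.body && req.body['csp-report'];
    if (report === null || typeof report !== 'object' || Array.isArray(report)) {
      res.status(400).end();
      return;
    }

    const violation = sanitizeCspReport(report);

    // Log violation details
    console.log('CSP Violation:', {
      documentUri: violation['document-uri'],
      violatedDirective: violation['violated-directive'],
      blockedUri: violation['blocked-uri'],
      sourceFile: violation['source-file'],
      lineNumber: violation['line-number'],
    });

    // The User-Agent header is client-controlled as well; bound it before storing.
    const rawUserAgent = req.headers['user-agent'];
    const userAgent =
      typeof rawUserAgent === 'string' ? rawUserAgent.slice(0, 512) : undefined;

    // Store in database for analysis. A storage failure is logged rather than
    // surfaced to the reporting browser, which cannot act on it.
    // NOTE(review): `await` covers both a synchronous and a promise-returning
    // insert(); confirm which one the `db` client used here provides.
    try {
      await db.cspViolations.insert({
        timestamp: new Date(),
        violation,
        userAgent,
        ip: req.ip,
      });
    } catch (err) {
      console.error('Failed to store CSP violation:', err);
    }

    res.status(204).end();
  },
);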