CSP (Content Security Policy) reports server which forwards reports to Elasticsearch.
CSP violation report endpoint using Elasticsearch as storage. Basically a https://report-uri.io/ alternative.
It is a Node.js application designed to receive CSP (Content Security Policy) reports and inject them in Elasticsearch for analysis.
This project was implemented and tested using Amazon AWS services in the following way:
AWS EC2 (Linux) running Nginx and Node.js -> AWS Elasticsearch Service
TLDR;
git clone [email protected]:seek-oss/csp-server.git
Edit nodejs/config.js and set the Elasticsearch URL, port and version
Run nodejs/server.js:
node ./nodejs/server.js
The Node.js application then listens on the configured port and processes POST requests containing CSP reports. Each POSTed report is sent to Elasticsearch, into indices named cspdata-YYYYMMDD.
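The report-to-index step described above, as an added example that is not csp-server's own code: it parses a POST body, keeps only known CSP report fields, and derives the daily cspdata-YYYYMMDD index name. The UTC date, the field allowlist, the 2048-character cap and the `@timestamp` field name are assumptions of this example.

```javascript
// Added example, not csp-server's own code. Assumptions: the index date is
// the UTC receive time, and '@timestamp' is a hypothetical field name.
const MAX_FIELD_LEN = 2048; // constructed cap; report values are untrusted
const ALLOWED_FIELDS = [
  'document-uri', 'referrer', 'blocked-uri', 'violated-directive',
  'effective-directive', 'original-policy', 'disposition',
  'status-code', 'source-file', 'line-number', 'column-number',
];

// cspdata-YYYYMMDD, computed from the UTC date (assumption).
function indexNameFor(date) {
  const ymd = date.toISOString().slice(0, 10).replace(/-/g, '');
  return `cspdata-${ymd}`;
}

// Parse a raw POST body and return { index, doc }, or null when it is not a
// usable CSP report. Keys outside the allowlist are dropped so a client
// cannot create arbitrary fields in the Elasticsearch mapping.
function buildIndexRequest(rawBody, receivedAt = new Date()) {
  let parsed;
  try { parsed = JSON.parse(rawBody); } catch (err) { return null; }
  const report = parsed && parsed['csp-report'];
  if (typeof report !== 'object' || report === null || Array.isArray(report)) {
    return null;
  }
  const doc = { '@timestamp': receivedAt.toISOString() };
  for (const field of ALLOWED_FIELDS) {
    const value = report[field];
    if (typeof value === 'string') {
      doc[field] = value.slice(0, MAX_FIELD_LEN); // truncate oversized values
    } else if (Number.isInteger(value)) {
      doc[field] = value;
    }
  }
  if (!doc['document-uri'] || !doc['violated-directive']) return null;
  return { index: indexNameFor(receivedAt), doc };
}

// Constructed sample report, including one key that is not a CSP field.
const sample = JSON.stringify({ 'csp-report': {
  'document-uri': 'https://example.com/page',
  'violated-directive': 'script-src',
  'blocked-uri': 'https://cdn.example.net/x.js',
  'line-number': 12, 'injected': { a: 1 } } });
console.log(buildIndexRequest(sample, new Date('2017-03-04T23:59:00Z')));
```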
Endpoints:
POST http://localhost:9000/index - CSP report in JSON format
GET http://localhost:9000/_healthcheck - health check
For details on how to configure a server to support https (SSL) using Nginx, Node as service using PM2 manager, log rotation and setting up Elasticsearch in AWS continue reading:
In this project we create the AWS resources using AWS CLI.
Install Nginx - Instructions here: nginx
Install Node - Instructions here: nodejs
Configure Elasticsearch - Instructions here: elasticsearch
Configure rotation scripts - Instructions here: bash
Get your customers to start sending CSP reports to your server