# frozen_string_literal: true
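module Api
  module V1
    # Receives Content Security Policy violation reports posted by browsers
    # and stores each one as a CspReport record.
    class CspReportsController < BaseController
      # Creates a CSP report, swapping the hyphens in the browser's report
      # keys (`blocked-uri`, `document-uri`, ...) for underscores so they
      # match the CspReport attribute names.
      #
      # The payload comes straight from the reporting client: the only
      # filter applied is the `permit` allow-list in #csp_report_params and
      # every value is stored as received, so anything that later renders
      # these fields has to treat them as untrusted text.
      #
      # TODO: apply rate_limit
      def create
        # transform_keys keeps an empty permitted hash as {} (the former
        # map/inject pair produced nil for that case) and avoids allocating
        # one single-pair hash per key before merging.
        attributes = csp_report_params.to_h.transform_keys { |k| k.tr('-', '_') }
        csp = CspReport.new(attributes)

        csp.id = SecureRandom.uuid
        # The result of save is not checked: a report that fails validation
        # is dropped and the client still receives 201, so the response does
        # not reveal whether the record was persisted.
        csp.save

        render json: {}, status: :created
      end

      private

      # Strong-parameter allow-list for the `csp-report` object. Field names
      # follow the violation report syntax documented at
      # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only#Violation_report_syntax
      #
      # @return [ActionController::Parameters] the permitted report fields
      # @raise [ActionController::ParameterMissing] when `csp-report` is absent
      def csp_report_params
        params.require(:'csp-report')
              .permit(:disposition,
                      :referrer,
                      :'blocked-uri',
                      :'document-uri',
                      :'effective-directive',
                      :'original-policy',
                      :'script-sample',
                      :'status-code',
                      :'violated-directive',
                      :'line-number',
                      :'column-number',
                      :'source-file')
      end
    end
  end
end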