5
0
Fork 0
mirror of https://0xacab.org/sutty/sutty synced 2024-11-22 21:06:22 +00:00
panel/app/controllers/api/v1/csp_reports_controller.rb

52 lines
1.5 KiB
Ruby
Raw Normal View History

2020-02-06 16:11:17 +00:00
# frozen_string_literal: true
module Api
module V1
# Recibe los reportes de Content Security Policy
class CspReportsController < BaseController
skip_forgery_protection
# No queremos indicar que algo salió mal
rescue_from ActionController::ParameterMissing, with: :csp_report_created
2020-02-06 16:11:17 +00:00
# Crea un reporte de CSP intercambiando los guiones medios por
# bajos
#
# TODO: Aplicar rate_limit
def create
2022-04-19 13:57:01 +00:00
csp = CspReport.new(csp_report_params.to_h.transform_keys do |k|
k.tr('-', '_')
end)
2020-02-06 16:11:17 +00:00
csp.id = SecureRandom.uuid
csp.save
csp_report_created
2020-02-06 16:11:17 +00:00
end
private
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only#Violation_report_syntax
def csp_report_params
params.require(:'csp-report')
.permit(:disposition,
:referrer,
:'blocked-uri',
:'document-uri',
:'effective-directive',
:'original-policy',
:'script-sample',
:'status-code',
:'violated-directive',
:'line-number',
:'column-number',
:'source-file')
end
def csp_report_created
render json: {}, status: :created
end
2020-02-06 16:11:17 +00:00
end
end
end