mirror of
https://0xacab.org/sutty/sutty
synced 2024-11-22 21:46:22 +00:00
44 lines
1.3 KiB
Ruby
44 lines
1.3 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
module Api
|
|
module V1
|
|
# Recibe los reportes de Content Security Policy
|
|
class CspReportsController < BaseController
|
|
skip_forgery_protection
|
|
|
|
# Crea un reporte de CSP intercambiando los guiones medios por
|
|
# bajos
|
|
#
|
|
# TODO: Aplicar rate_limit
|
|
def create
|
|
csp = CspReport.new(csp_report_params.to_h.map do |k, v|
|
|
[k.tr('-', '_'), v]
|
|
end.to_h)
|
|
|
|
csp.id = SecureRandom.uuid
|
|
csp.save
|
|
|
|
render json: {}, status: :created
|
|
end
|
|
|
|
private
|
|
|
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only#Violation_report_syntax
|
|
def csp_report_params
|
|
params.require(:'csp-report')
|
|
.permit(:disposition,
|
|
:referrer,
|
|
:'blocked-uri',
|
|
:'document-uri',
|
|
:'effective-directive',
|
|
:'original-policy',
|
|
:'script-sample',
|
|
:'status-code',
|
|
:'violated-directive',
|
|
:'line-number',
|
|
:'column-number',
|
|
:'source-file')
|
|
end
|
|
end
|
|
end
|
|
end
|