Feature #102079
openCSP violation Event
0%
Description
We would very much like to have an additional Event dispatch when an CSP violation happens.
In the case where some external javascript changes or someone adds some external javascript it would be nice
to be able to enable some kind of notification. For example by email or Slack or something else...
Our worry is that without any notification the violation could be unhandled for longer periods of time which could
leads to other and larger problems (loss of revenues, customer experience etc).
Our suggestion/idea is to dispatch an event right after the report is persisted. To keep it simple the whole report is dispatched, thus
making it the eventlisteners job to handle what/when/how notification are sent based on the incoming report.
Example gists:
https://gist.github.com/hdj-typoconsult/71a06fd4af042aed7d3efa4f3ba2c67b
https://gist.github.com/hdj-typoconsult/fbf3579a2ba38a347c1f488976116852