Feature #102079
open
CSP violation Event
0%
Description
We would very much like to have an additional Event dispatch when a CSP violation happens.
In the case where some external JavaScript changes or someone adds some external JavaScript it would be nice
to be able to enable some kind of notification. For example by email or Slack or something else...
Our worry is that without any notification the violation could be unhandled for longer periods of time which could
lead to other and larger problems (loss of revenues, customer experience etc.).
Our suggestion/idea is to dispatch an event right after the report is persisted. To keep it simple the whole report is dispatched, thus
making it the event listener's job to handle what/when/how notifications are sent based on the incoming report.
Example gists:
https://gist.github.com/hdj-typoconsult/71a06fd4af042aed7d3efa4f3ba2c67b
https://gist.github.com/hdj-typoconsult/fbf3579a2ba38a347c1f488976116852
Updated by Oliver Hader about 1 year ago
Sounds good... maybe there's also a demand for pre-filtering these reports - e.g. having an event that allows skipping the persisting of particular reports (e.g. those coming from browser extensions).
Updated by Henrik Jensen about 1 year ago
Oliver Hader wrote in #note-3:
Sounds good... maybe there's also a demand for pre-filtering these reports - e.g. having an event that allows skipping the persisting of particular reports (e.g. those coming from browser extensions).
That is a good idea too.
Updated by Georg Ringer 5 months ago
- Category changed from Security to Content Security Policy
Updated by Oliver Hader 3 months ago
- Related to Bug #101797: Replace mutation mode extend by inherit & append added
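
The two ideas discussed in this issue (an event dispatched after a report is persisted, and a pre-filter event that can skip persisting reports from browser extensions) can be sketched as below. This is an added example, not TYPO3 code and not the content of the linked gists; all class and function names are hypothetical, the sample reports are constructed, and PHP 8.1+ is assumed.

```php
<?php
declare(strict_types=1);
// Hypothetical event classes for illustration; these are not TYPO3's API.
final class BeforeReportPersistedEvent {
    public bool $skip = false;
    public function __construct(public readonly array $report) {}
}
final class ReportPersistedEvent {
    public function __construct(public readonly array $report) {}
}

// Pre-filter listener: mark reports caused by browser extensions as skippable.
function skipExtensionReports(BeforeReportPersistedEvent $event): void {
    $schemes = ['chrome-extension', 'moz-extension', 'safari-web-extension'];
    foreach (['blocked-uri', 'source-file'] as $key) {
        $value = strtolower((string)($event->report[$key] ?? ''));
        // Some browsers report only the scheme, others a full URI.
        $scheme = parse_url($value, PHP_URL_SCHEME) ?: $value;
        $event->skip = $event->skip || in_array($scheme, $schemes, true);
    }
}

// Post-persist listener: queue one notification per directive/URI pair, so a
// violation on a busy page does not flood the mail or chat channel.
function notifyOnce(ReportPersistedEvent $event, array &$seen, array &$outbox): void {
    $r = $event->report;
    $key = ($r['effective-directive'] ?? '?') . ' ' . ($r['blocked-uri'] ?? '?');
    if (!isset($seen[$key])) {
        $seen[$key] = true;
        $outbox[] = 'CSP violation: ' . $key . ' on ' . ($r['document-uri'] ?? '?');
    }
}

// Report endpoint flow: pre-filter, persist, then dispatch the post-persist event.
function handleReport(array $report, array &$store, array &$seen, array &$outbox): bool {
    $before = new BeforeReportPersistedEvent($report);
    skipExtensionReports($before);
    if ($before->skip) {
        return false;
    }
    $store[] = $report; // stand-in for the real persistence layer
    notifyOnce(new ReportPersistedEvent($report), $seen, $outbox);
    return true;
}

// Constructed sample reports: the same blocked script twice, then an extension report.
$store = $seen = $outbox = [];
$base = ['document-uri' => 'https://shop.example/cart', 'effective-directive' => 'script-src'];
foreach (['https://cdn.example.net/new.js', 'https://cdn.example.net/new.js', 'moz-extension'] as $uri) {
    handleReport($base + ['blocked-uri' => $uri], $store, $seen, $outbox);
}
printf("persisted=%d notifications=%d\n", count($store), count($outbox));
```

In a real listener the `$outbox` entries would be handed to whatever mail or Slack transport the site already uses.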