Output CSP-reports.
authorFelix Dörre <felix@dogcraft.de>
Thu, 3 Jul 2014 20:18:36 +0000 (22:18 +0200)
committerFelix Dörre <felix@dogcraft.de>
Thu, 3 Jul 2014 20:18:36 +0000 (22:18 +0200)
src/org/cacert/gigi/Gigi.java
src/org/cacert/gigi/api/GigiAPI.java

index b6aa90ebd5386b26f3742d41e7090a10829a297b..22364cb0834a442dbf45e60ff9f21abd4ec59c23 100644 (file)
@@ -149,10 +149,14 @@ public class Gigi extends HttpServlet {
                hsr.addHeader("Access-Control-Allow-Origin",
                                "http://cacert.org https://localhost");
                hsr.addHeader("Access-Control-Max-Age", "60");
-               hsr.addHeader("Content-Security-Policy", "default-src 'self' https://"
+               hsr.addHeader("Content-Security-Policy", "default-src 'self' "//
+                               + "https://"
                                + ServerConstants.getStaticHostNamePort()
-                               + ";frame-ancestors 'none'");
-               // ;report-uri https://felix.dogcraft.de/report.php
+                               + ";"
+                               + "frame-ancestors 'none';"//
+                               + "report-uri https://"
+                               + ServerConstants.getApiHostNamePort()
+                               + "/security/csp/report");
 
        }
 }
index 74cff967ef9d26ed445f37d5350a31f52a38b708..88c8da81b3a99b4c794040b155cab5ca14599390 100644 (file)
@@ -1,8 +1,10 @@
 package org.cacert.gigi.api;
 
 import java.io.IOException;
+import java.io.InputStreamReader;
 
 import javax.servlet.ServletException;
+import javax.servlet.ServletInputStream;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -15,5 +17,16 @@ public class GigiAPI extends HttpServlet {
                if (pi == null) {
                        return;
                }
+               if (pi.equals("/security/csp/report")) {
+                       ServletInputStream sis = req.getInputStream();
+                       InputStreamReader isr = new InputStreamReader(sis, "UTF-8");
+                       StringBuffer strB = new StringBuffer();
+                       char[] buffer = new char[4 * 1024];
+                       int len;
+                       while ((len = isr.read(buffer)) > 0) {
+                               strB.append(buffer, 0, len);
+                       }
+                       System.out.println(strB);
+               }
        }
 }
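Review bot: The new `/security/csp/report` branch reads the whole request body into memory with no size limit and prints it verbatim, so any client that can reach the endpoint can grow `strB` without bound or put line breaks into the server output. Cap the number of characters read and replace control characters before printing, as sketched below; the cap is an example value, and rejecting oversized bodies with an error status would work equally well. No check of the request method or of a `Content-Type` of `application/csp-report` is visible in the hunk, and the enclosing method starts outside it, so confirm whether that is handled elsewhere. `StringBuilder` suffices here because the buffer never leaves the method.

```java
if (pi.equals("/security/csp/report")) {
        // Example cap; pick a value that comfortably fits real reports.
        final int maxReportChars = 16 * 1024;
        InputStreamReader isr = new InputStreamReader(req.getInputStream(), "UTF-8");
        StringBuilder report = new StringBuilder();
        char[] buffer = new char[4 * 1024];
        int len;
        // Stop at the cap instead of buffering whatever the client sends.
        while (report.length() < maxReportChars
                        && (len = isr.read(buffer, 0,
                                        Math.min(buffer.length, maxReportChars - report.length()))) > 0) {
                report.append(buffer, 0, len);
        }
        // Replace control characters so a report cannot forge extra output lines.
        System.out.println(report.toString().replaceAll("\\p{Cntrl}", " "));
}
```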