collector

package
v0.0.0-...-f115076 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 20, 2024 License: Apache-2.0 Imports: 3 Imported by: 0

Documentation

Overview

Package collector provides a function for creating violation report handlers. The created safehttp.Handler will be able to parse generic violation reports as specified by https://w3c.github.io/reporting/ and CSP violation reports as specified by https://www.w3.org/TR/CSP3/#deprecated-serialize-violation.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Handler 

func Handler(handler func(Report), cspHandler func(CSPReport)) safehttp.Handler

Handler builds a safehttp.Handler which calls the given handler or cspHandler when a violation report is received. Make sure to register the handler to receive POST requests. If the handler recieves anything other than POST requests it will respond with a 405 Method Not Allowed.

Types

type CSPReport 

type CSPReport struct {
	// BlockedURL is the URL of the resource that was blocked from loading by the
	// Content Security Policy. If the blocked URL is from a different origin than
	// the DocumentURL, the blocked URL is truncated to contain just the scheme,
	// host and port.
	BlockedURL string
	// Disposition is either "enforce" or "report" depending on whether the Content-Security-Policy
	// header or the Content-Security-Policy-Report-Only header is used.
	Disposition string
	// DocumentURL is the URL of the document in which the violation occurred.
	DocumentURL string
	// EffectiveDirective is the directive whose enforcement caused the violation.
	EffectiveDirective string
	// OriginalPolicy is the original policy as specified by the Content Security
	// Policy header.
	OriginalPolicy string
	// Referrer is the referrer of the document in which the violation occurred.
	Referrer string
	// Sample is the first 40 characters of the inline script, event handler,
	// or style that caused the violation.
	Sample string
	// StatusCode is the HTTP status code of the resource on which the global object
	// was instantiated.
	StatusCode uint
	// ViolatedDirective is the name of the policy section that was violated.
	ViolatedDirective string
	// SourceFile represents the URL of the document or worker in which the violation
	// was found.
	SourceFile string
	// LineNumber is the line number in the document or worker at which the violation
	// occurred.
	LineNumber uint
	// ColumnNumber is the column number in the document or worker at which the violation
	// occurred.
	ColumnNumber uint
}

CSPReport represents a CSP violation report as specified by https://www.w3.org/TR/CSP3/#deprecated-serialize-violation

type Report 

type Report struct {
	// Type represents the type of the report. This will control how Body looks
	// like.
	Type string
	// Age represents the number of milliseconds since the violation causing the
	// report occured.
	Age uint64
	// URL is the address of the Document or Worker from which the report was
	// generated.
	URL string
	// UserAgent contains the value of the User-Agent header of the request from
	// which the report was generated.
	UserAgent string
	// Body contains the body of the report. This will be different for every Type.
	// If Type is csp-violation then Body will be a CSPReport. Otherwise Body will
	// be a map[string]interface{} containing the object that was passed, as unmarshalled
	// using encoding/json.
	Body interface{}
}

Report represents a generic report as specified by https://w3c.github.io/reporting/#serialize-reports

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.