Contents

require_dependency "csp_report/application_controller"

class CspReport::CspReportsController < ApplicationController
  # The browser submitting the report will not have any CSRF token
  skip_before_filter :verify_authenticity_token

  #Only provided as an API
  respond_to :json

  def index
    @reports = CspReport::CspReport.all
  end

  def create
    param = request.request_parameters()['csp-report']
    report = CspReport::CspReport.new do |r|
      r.document_uri = param['document-uri']
      r.referrer = param['referrer']
      r.violated_directive = param['violated-directive']
      r.original_policy = param['original-policy']
      r.blocked_uri = param['blocked-uri']
    end
    report.save!
    render status: 200, nothing: true
  end
end

Version data entries

3 entries across 3 versions & 1 rubygems

Version	Path
csp_report-0.1.2	app/controllers/csp_report/csp_reports_controller.rb
csp_report-0.1.1	app/controllers/csp_report/csp_reports_controller.rb
csp_report-0.1.0	app/controllers/csp_report/csp_reports_controller.rb