You can now send Logflare all your Reporting API reports. Reporting API reports include CSP violations, network errors, etc (lots of interesting stuff in there). Just set your report-to
and report-uri
to https://api.logflare.app/logs/browser/reports?api_key=YOUR_KEY&source_id=YOUR_SOURCE_ID
Note, the api_key
here is an ingest api key and doesn’t allow any sort of account access.
Would love some feedback on this!
Example Cloudflare worker to modify your response headers:
async function handleRequest(request) {
// Make the headers mutable by re-constructing the Request.
request = new Request(request)
const URL = request.url
// URL is set up to respond with dummy HTML, remove to send requests to your own origin
let response = await fetch(URL, request)
// Make the headers mutable by re-constructing the Response.
response = new Response(response.body, response)
lf = "https://api.logflare.app/logs/browser/reports?api_key=YOUR_KEY&source_id=YOUR_SOURCE"
reportTo = {
"group": "logflare",
"max_age": 2592000,
"endpoints": [{
"url": lf
}],
"include_subdomains":true
}
csp = `default-src 'self'; upgrade-insecure-requests; block-all-mixed-content; report-uri ${lf}; report-to logflare`
expect = `max-age=86400,report-uri=${lf}`
nel = {
"report_to": "logflare",
"max_age": 2592000,
"include_subdomains":true
}
response.headers.set('Report-To', JSON.stringify(reportTo))
response.headers.set('Content-Security-Policy-Report-Only', csp)
response.headers.set('Expect-CT', expect)
response.headers.set('NEL', JSON.stringify(nel))
return response
}
addEventListener('fetch', event => {
event.respondWith(handleRequest(event.request))
})