.. _reports-chapter:

=====================
CSP Violation Reports
=====================

When something on a page violates the Content-Security-Policy, and the
policy defines a ``report-uri`` directive, the user agent may POST a
report_. Reports are JSON blobs containing information about how the
policy was violated.

Note: django-csp no longer handles report processing itself, so you will
need to stand up your own app to receive them, or else make use of a
third-party report processing service.
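
As an added example (not part of django-csp), this is one way the body-handling core of such a receiving app could look. The report endpoint is unauthenticated, so the body is treated as untrusted input. ``parse_csp_report``, ``MAX_BODY``, ``MAX_FIELD`` and the sample report are assumptions made for this sketch; the field names are those of the CSP violation report format.

```python
import json

MAX_BODY = 16 * 1024   # assumed cap on request body size, in bytes
MAX_FIELD = 2048       # assumed per-field truncation length
# Keys of the "csp-report" object that are kept; everything else is dropped.
FIELDS = ("document-uri", "referrer", "blocked-uri", "violated-directive",
          "effective-directive", "original-policy", "status-code")


def parse_csp_report(body: bytes):
    """Return a normalized dict for a usable report, or None to drop it."""
    if not body or len(body) > MAX_BODY:
        return None
    try:
        payload = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        return None
    report = payload.get("csp-report") if isinstance(payload, dict) else None
    if not isinstance(report, dict):
        return None
    clean = {}
    for name in FIELDS:
        value = report.get(name)
        if isinstance(value, bool) or not isinstance(value, (str, int)):
            continue  # missing, or a type the format does not use
        # Strip control characters so a value cannot forge log lines,
        # and truncate to bound storage.
        text = "".join(ch for ch in str(value) if ch.isprintable())
        clean[name] = text[:MAX_FIELD]
    # Without the page and the directive a report is not actionable.
    if "document-uri" not in clean or not (
            clean.get("violated-directive") or clean.get("effective-directive")):
        return None
    return clean


# Constructed sample body, including an unexpected key and an embedded newline.
SAMPLE = json.dumps({"csp-report": {
    "document-uri": "https://example.com/page",
    "blocked-uri": "https://cdn.example/x.js\nINFO forged entry",
    "violated-directive": "script-src 'self'",
    "status-code": 200,
    "unexpected": {"nested": 1},
}}).encode()

if __name__ == "__main__":
    print(parse_csp_report(SAMPLE))
```

In a Django view, the raw POST body would be passed to ``parse_csp_report`` and a ``None`` result discarded without further processing.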

Throttling the number of reports
--------------------------------
To throttle the number of requests made to your ``report-uri`` endpoint, you
can use ``csp.contrib.rate_limiting.RateLimitedCSPMiddleware`` instead of
``csp.middleware.CSPMiddleware`` and set the ``CSP_REPORT_PERCENTAGE`` option:

``CSP_REPORT_PERCENTAGE``
    Percentage of requests that should see the ``report-uri`` directive.
    Use this to throttle the number of CSP violation reports made to your
    ``CSP_REPORT_URI``. A **float** between 0 and 1 (0 = no reports at all).
    Ignored if ``CSP_REPORT_URI`` isn't set.

.. _report: http://www.w3.org/TR/CSP/#sample-violation-report