modules/private/websites/tools/tools/landing/report_csp_violation.php

   1 <?php
   2 http_response_code(204);
   3
   4 $dbconn = pg_connect(getenv("CSP_REPORT_URI")) or die();
   5
   6 function _get(&$var, $default=null) {
   7   return isset($var) ? $var : $default;
   8 }
   9
  10 $json_data = file_get_contents('php://input');
  11 if ($json_data = json_decode($json_data, true)) {
  12   $report = _get($json_data["csp-report"], Array());
  13   $blocked_uri = _get($report["blocked-uri"], "");
  14   $document_uri = _get($report["document-uri"], "");
  15   $original_policy = _get($report["original-policy"], "");
  16   $referrer = _get($report["referrer"], "");
  17   $violated_directive = _get($report["violated-directive"], "");
  18
  19   $query = pg_prepare($dbconn, "insert_query", 'INSERT INTO csp_reports (blocked_uri, document_uri, original_policy, referrer, violated_directive, total_count, last) VALUES ($1, $2, $3, $4, $5, 1, NOW()) ON CONFLICT ON CONSTRAINT csp_report_unique DO UPDATE SET total_count = csp_reports.total_count + 1, last = NOW(), referrer = EXCLUDED.referrer, original_policy = EXCLUDED.original_policy');
  20
  21   pg_execute($dbconn, "insert_query", Array($blocked_uri, $document_uri, $original_policy, $referrer, $violated_directive));
  22 }