From 68c45ad53b34301c1a0c59352a839db13e1f2420 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Wed, 15 Jul 2020 16:55:49 +0200 Subject: Add CSP reports --- modules/private/environment.nix | 10 +++++++++ modules/private/websites/tools/tools/default.nix | 3 +++ .../tools/tools/landing/report_csp_violation.php | 25 ++++++++++++---------- 3 files changed, 27 insertions(+), 11 deletions(-) diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 3a805c6..b8c4dd2 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix @@ -1077,6 +1077,16 @@ in type = attrsOf str; description = "Mapping 'name'.php => script for webhooks"; }; + csp_reports = mkOption { + description = "CSP report configuration"; + type = submodule { + options = { + report_uri = mkOption { type = str; description = "URI to report CSP violations to"; }; + policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; }; + postgresql = mkPsqlOptions "CSP reports"; + }; + }; + }; commento = mkOption { description = "Commento configuration"; type = submodule { diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix index 7a9a125..93d1122 100644 --- a/modules/private/websites/tools/tools/default.nix +++ b/modules/private/websites/tools/tools/default.nix @@ -112,6 +112,7 @@ in { '' Timeout 600 ProxyTimeout 600 + Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" DirectoryIndex index.php index.htm index.html AllowOverride all @@ -304,6 +305,8 @@ in { }; phpEnv = { CONTACT_EMAIL = config.myEnv.tools.contact; + CSP_REPORT_URI = with config.myEnv.tools.csp_reports.postgresql; + "\"host=${socket} dbname=${database} user=${user} password=${password}\""; }; phpPackage = pkgs.php72; }; diff --git a/modules/private/websites/tools/tools/landing/report_csp_violation.php b/modules/private/websites/tools/tools/landing/report_csp_violation.php index 13a3234..30140b2 100644 --- a/modules/private/websites/tools/tools/landing/report_csp_violation.php +++ b/modules/private/websites/tools/tools/landing/report_csp_violation.php @@ -1,19 +1,22 @@