Status

Webmaker
DevOps
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: jbuck, Assigned: jp)

Tracking

Details

(Reporter)

Description

4 years ago
Let's deploy our homegrown CSP logger!

https://github.com/mozilla/csp-logger/

It's a standard nodejs app with an attached sql database. :jp, would you mind making the database a PostgreSQL database? I'd like to have an app where we can gain some experience using that. The domain whitelist should be set to the webmaker apps we have running in each environment. I'd leave the source blacklist as it is currently set.
(Assignee)

Comment 1

4 years ago
jbuck, how robust will prod need to be?  Expecting much traffic on it?
(Reporter)

Comment 2

4 years ago
I don't have any traffic predictions, to be honest. If our CSP policies are perfect, then the only traffic should be if users are running an extension. If we have a CSP violation, every single visitor to that page will send us a violation report. Hard to say!
(Assignee)

Comment 3

4 years ago
This has been deployed to production and staging, complete with Jenkins interface for pushing to prod/staging, and elb monitoring.

jbuck and i are chatting about how to manage the elb traffic now, so I'm not closing this yet.
(Reporter)

Comment 4

4 years ago
https://csplogger.mofostaging.net/ and https://csplogger.mofoprod.net/ are now up and running
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.