Let's deploy our homegrown CSP logger! https://github.com/mozilla/csp-logger/ It's a standard nodejs app with an attached sql database. :jp, would you mind making the database a PostgreSQL database? I'd like to have an app where we can gain some experience using that. The domain whitelist should be set to the webmaker apps we have running in each environment. I'd leave the source blacklist as it is currently set.
jbuck, how robust will prod need to be? Expecting much traffic on it?
I don't have any traffic predictions, to be honest. If our CSP policies are perfect, then the only traffic should be if users are running an extension. If we have a CSP violation, every single visitor to that page will send us a violation report. Hard to say!
This has been deployed to production and staging, complete with Jenkins interface for pushing to prod/staging, and elb monitoring. jbuck and i are chatting about how to manage the elb traffic now, so I'm not closing this yet.
https://csplogger.mofostaging.net/ and https://csplogger.mofoprod.net/ are now up and running
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.