Closed Bug 952334 Opened 11 years ago Closed 10 years ago

Deploy CSP logger

Categories

(Webmaker Graveyard :: DevOps, defect)

Product:
Webmaker Graveyard
Component:
DevOps
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: jon, Assigned: johns)

References

Details

Let's deploy our homegrown CSP logger!

https://github.com/mozilla/csp-logger/

It's a standard nodejs app with an attached sql database. :jp, would you mind making the database a PostgreSQL database? I'd like to have an app where we can gain some experience using that. The domain whitelist should be set to the webmaker apps we have running in each environment. I'd leave the source blacklist as it is currently set.
jbuck, how robust will prod need to be?  Expecting much traffic on it?
I don't have any traffic predictions, to be honest. If our CSP policies are perfect, then the only traffic should be if users are running an extension. If we have a CSP violation, every single visitor to that page will send us a violation report. Hard to say!
This has been deployed to production and staging, complete with Jenkins interface for pushing to prod/staging, and elb monitoring.

jbuck and i are chatting about how to manage the elb traffic now, so I'm not closing this yet.
https://csplogger.mofostaging.net/ and https://csplogger.mofoprod.net/ are now up and running
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.