routes.php
<?php
use OFFLINE\CSP\Models\CSPLog;
use \Illuminate\Support\Str;
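// CSP violation report endpoint.
//
// Browsers POST violation reports here without any credentials, so the whole
// request body is untrusted input from an anonymous client. The handler
// therefore validates the shape of the payload before touching it and only
// ever passes scalar values on to the model.
\Route::post(\OFFLINE\CSP\Plugin::REPORT_URI, function () {
    $input = file_get_contents('php://input');
    $data = object_get(json_decode($input, false), 'csp-report');

    // A report has to be a JSON object. Malformed JSON, a missing
    // "csp-report" key, or a scalar/list under that key is answered with 400
    // instead of reaching the loop below, where a scalar would raise an
    // error and surface as a server error.
    if (!is_object($data)) {
        return response('Invalid request', 400);
    }

    // NOTE(review): these two fields are stored at full length, so their size
    // is bounded only by whatever request-size limit the web server / PHP
    // enforces. Confirm that limit and the column types, and consider rate
    // limiting this route, since every accepted request writes one row.
    $doNotTruncate = ['original_policy', 'script_sample'];

    $log = [];
    foreach ($data as $key => $value) {
        // Report fields are expected to be strings or numbers. Nested
        // objects/arrays are dropped: Str::limit() is a string helper and the
        // model columns cannot hold them.
        if ($value !== null && !is_scalar($value)) {
            continue;
        }

        // The database column names match the report keys,
        // but the dashes need to be replaced by underscores.
        $key = str_replace('-', '_', $key);

        // Truncate long values so they will fit in the DB columns.
        if (!in_array($key, $doNotTruncate, true)) {
            $value = Str::limit($value, 191);
        }

        $log[$key] = $value;
    }

    // The $fillable property makes sure we only ever save values that are
    // expected. This makes sure the implementation doesn't break once
    // new fields are added to the CSP violation reports in the future.
    //
    // NOTE(review): the stored values are chosen by the reporting client, so
    // whatever view lists these log rows has to escape them on output.
    CSPLog::create($log);

    return response('', 204); // 204 No Content
});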