I am currently setting up Umbraco CSP Manager on a project and was looking into setting up the CSP reporting. For now, I have created an API endpoint that will accept the CSP reports sent by the browsers. The endpoint will log the reports and a Log Search Alert Rule in Azure will alert me if any errors are logged. It works and I am happy (🎉), but I was wondering if there are better approaches to logging/being alerted when a CSP violation is raised? Third party services are not an option in my case.

Only thing I have used is report-uri I have considered adding a reporting endpoint to the package, but then was trying to think of where best to store the data 😄 maybe one for post v14

Would indeed be a nice feature for the CSP Manager 🤩 The

report-uri

is deprecated so I decided to use the

report-to

directive. I simply chose to log the violations in Umbraco as I could see any errors directly in the back office + I could easily create alerts in Azure.

sorry was meaning - https://report-uri.com/ 🙂

Ah! 😄 Sadly, that wasn't an option in my case 😦 Looks nice though!

Free tier is quite generous if your on top of the CSP 😄