tl;dr: self-hosted report-uri.com
?
I messed up my site’s Content-Security-Policy and blew up my report quota on report-uri.com last month. I’m happy with them, but I don’t really want to pay for this service, and I want to avoid that in the future. So I’m looking for something(s) to:
- Collect Content-Security-Policy browser reports (go-csp-collector is sufficient here, if not great, as it doesn’t support the newer Report-To) and log to JSON (or whatever)
- Collect other browser reports such as NEL, Deprecation, Crash and log to JSON
- Collect SMTP-TLS and DMARC email reports and log to JSON
- Display them somehow for searching and for seeing trends: preferably something less manual than Grafana, but I can collect the logs and do custom dashboards in Grafana that parse JSON (or whatever) logs if I need to.
- Let me filter incoming reports based on various things (like ignore CSP reports with no URL)
In my searches I found plenty of SaaS and no source code for the whole thing. Sentry and its clones are too much; I don’t want to instrument an app I don’t have. I did find plenty of 5-year old abandoned projects, though.
So, what’s out there in this space for self-hosting?
For reference, report-uri.com looks like the below, with the ability to drill down and filter and see reports.
New Lemmy Post: Self-hosted Content-Security-Policy report, etc, collector/displayer? (https://lemmy.world/post/11892903)
Tagging: #SelfHosted
(Replying in the OP of this thread (NOT THIS BOT!) will appear as a comment in the lemmy discussion.)
I am a FOSS bot. Check my README: https://github.com/db0/lemmy-tagginator/blob/main/README.md