/* Forward CSP (Content Security Policy) Report to Telegram via bot with Cloudflare Workers
Remember to set `TELEGRAM_BOT_TOKEN` and `TELEGRAM_CHAT_ID` in
[Cloudflare Workers Environment Secrets](https://developers.cloudflare.com/workers/platform/environment-variables/).
Example accepted JSON format (see <https://scotthelme.co.uk/content-security-policy-an-introduction/>):
Headers:
```
Content-Type: application/json
```
Body:
```json
{
"csp-report": {
"document-uri": "https://scotthelme.co.uk",
"referrer": "",
"blocked-uri": "http://scotthelme.co.uk",
"violated-directive": "default-src https:",
"original-policy": "default-src https:; report-uri https://report.scotthelme.co.uk"
}
}
```
References:
- <https://developers.cloudflare.com/workers/examples/read-post/>
- <https://developers.cloudflare.com/workers/examples/fetch-json/>
- <https://developer.mozilla.org/en-US/docs/Web/API/fetch>
- <https://core.telegram.org/bots/api#sendmessage>
*/
// Register the Worker's fetch handler: every incoming request is answered
// with whatever handleRequest() resolves to.
addEventListener('fetch', (event) => {
  const reply = handleRequest(event.request);
  event.respondWith(reply);
});
/**
 * Build a JSON response whose HTTP status and body agree with each other.
 *
 * @param {number} code - HTTP status code; also echoed in the body as `code`.
 * @param {string} text - Human-readable message, echoed in the body as `message`.
 * @returns {Response} Response with a UTF-8 JSON body `{"code", "message"}`.
 */
function makeResponse(code, text) {
  const payload = JSON.stringify({ code, message: text });
  const init = {
    headers: { 'content-type': 'application/json;charset=utf-8' },
    status: code,
  };
  return new Response(payload, init);
}
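// Media types accepted for a report body. Browsers deliver `report-uri`
// violation reports as `application/csp-report`; `application/json` is kept
// for callers that already post the same body shape with that type.
const CSP_REPORT_CONTENT_TYPES = ['application/json', 'application/csp-report'];

/**
 * Escape a report field so it stays inside a MarkdownV2 inline-code entity.
 *
 * Report fields come from whoever posts to this endpoint. Telegram requires
 * '`' and '\' to be escaped with a preceding '\' inside code entities; left
 * unescaped, a crafted value closes the code span and the rest of it is parsed
 * as message markup (or makes Telegram reject the message outright).
 *
 * @param {*} value - Field value taken from the report.
 * @returns {string} The value as a string with '`' and '\' escaped.
 */
function escapeForCodeSpan(value) {
  return String(value).replace(/[`\\]/g, '\\$&');
}

/**
 * Validate an incoming CSP violation report and forward a summary of it to a
 * Telegram chat through the Bot API `sendMessage` method.
 *
 * NOTE(review): the endpoint is unauthenticated, as CSP report collectors
 * usually are, so any client can cause a message in the chat. Rate limiting
 * in front of the Worker is worth considering; confirm against deployment.
 *
 * @param {Request} request - Incoming request carrying a `csp-report` JSON body.
 * @returns {Promise<Response>} 400 when the body is not a usable report,
 *   200 when Telegram answered `ok`, 504 otherwise.
 */
async function handleRequest(request) {
  // Media types are case-insensitive, so compare in lower case.
  const contentType = (request.headers.get('content-type') || '').toLowerCase();
  if (!CSP_REPORT_CONTENT_TYPES.some((type) => contentType.includes(type))) {
    return makeResponse(400, "Report content is not a valid json.");
  }

  // A declared JSON content type does not guarantee a parseable body; answer
  // with 400 instead of letting the parse error escape as an unhandled exception.
  let reqBody;
  try {
    reqBody = await request.json();
  } catch (error) {
    return makeResponse(400, "Report content is not a valid json.");
  }

  // `null` is valid JSON, so guard before indexing into the parsed value.
  const report = reqBody == null ? undefined : reqBody['csp-report'];
  if (!report || typeof report !== 'object') {
    return makeResponse(400, "Report content is not a valid json.");
  }

  const documentURI = escapeForCodeSpan(report['document-uri']);
  const referrer = escapeForCodeSpan(report['referrer']);
  const blockedURI = escapeForCodeSpan(report['blocked-uri']);

  // Telegram limits message length (4096 characters after entity parsing), so
  // a report with very long URIs is rejected there and surfaces below as 504.
  const msgData = {
    "parse_mode": "MarkdownV2",
    "text": "*CSP Report*\n"
      + "Document URI: `" + documentURI + "`\n"
      + "Referrer: `" + referrer + "`\n"
      + "Blocked URI: `" + blockedURI + "`",
    "chat_id": TELEGRAM_CHAT_ID,
  };

  // The bot token is part of this URL: never log or echo msgURI.
  const msgURI = 'https://api.telegram.org/bot' + TELEGRAM_BOT_TOKEN + '/sendMessage';

  let success = false;
  try {
    const response = await fetch(msgURI, {
      method: 'POST',
      headers: {
        'Content-Type': 'application/json'
      },
      body: JSON.stringify(msgData),
    });
    const data = await response.json();
    success = Boolean(data.ok);
    console.log('Success:', data);
  } catch (error) {
    // Network failure or a non-JSON reply: treat as "not delivered".
    success = false;
    console.error('Error:', error);
  }

  return success
    ? makeResponse(200, "Successfully reported.")
    : makeResponse(504, "Report not received, channel maybe down.");
}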