Merge pull request #563 from SaekiTominaga/reporting-api-v1

Reporting API v1 対応（Reporting-Endpoints ヘッダー）
SaekiTominaga · Aug 26, 2024 · e86e403 · e86e403
2 parents 59195b1 + d7f3733
commit e86e403
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 1 deletion.
diff --git a/configure/schema/express.json b/configure/schema/express.json
@@ -35,7 +35,7 @@
 				"header": {
 					"type": "object",
 					"title": "レスポンスヘッダー",
-					"required": ["hsts", "csp", "csp_html", "cspro_html"],
+					"required": ["hsts", "csp", "csp_html", "cspro_html", "reporting_endpoints"],
 					"properties": {
 						"hsts": {
 							"type": "string",
@@ -52,6 +52,14 @@
 						"cspro_html": {
 							"type": "string",
 							"title": "Content-Security-Policy-Report-Only (HTML)"
+						},
+						"reporting_endpoints": {
+							"type": "object",
+							"title": "Reporting-Endpoints",
+							"additionalProperties": {
+								"type": "string",
+								"title": "エンドポイントの URL"
+							}
 						}
 					},
 					"additionalProperties": false

diff --git a/express/src/app.ts b/express/src/app.ts
@@ -49,6 +49,14 @@ app.use(
 		/* CSP */
 		res.setHeader('Content-Security-Policy', config.response.header.csp);
 
+		/* Report */
+		res.setHeader(
+			'Reporting-Endpoints',
+			Object.entries(config.response.header.reporting_endpoints)
+				.map((endpoint) => `${endpoint.at(0) ?? ''}="${endpoint.at(1) ?? ''}"`)
+				.join(','),
+		);
+
 		/* MIME スニッフィング抑止 */
 		res.setHeader('X-Content-Type-Options', 'nosniff');