From d7f3733ac3e41dd86f7f4d16b8de76a9d45b3d2c Mon Sep 17 00:00:00 2001
From: SaekiTominaga
Date: Sun, 25 Aug 2024 15:49:19 +0900
Subject: [PATCH] =?UTF-8?q?Reporting-Endpoints=20=E3=83=98=E3=83=83?= =?UTF-8?q?=E3=83=80=E3=83=BC=E3=82=92=E9=80=81=E5=87=BA=E3=81=99=E3=82=8B?= =?UTF-8?q?=E3=82=88=E3=81=86=E3=81=AB=E5=A4=89=E6=9B=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 configure/schema/express.json | 10 +++++++++-
 express/src/app.ts | 8 ++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/configure/schema/express.json b/configure/schema/express.json
index d34bae8e1..10431f683 100644
--- a/configure/schema/express.json
+++ b/configure/schema/express.json
@@ -35,7 +35,7 @@
 "header": {
 "type": "object",
 "title": "レスポンスヘッダー",
- "required": ["hsts", "csp", "csp_html", "cspro_html"],
+ "required": ["hsts", "csp", "csp_html", "cspro_html", "reporting_endpoints"],
 "properties": {
 "hsts": {
 "type": "string",
@@ -52,6 +52,14 @@
 "cspro_html": {
 "type": "string",
 "title": "Content-Security-Policy-Report-Only (HTML)"
+ },
+ "reporting_endpoints": {
+ "type": "object",
+ "title": "Reporting-Endpoints",
+ "additionalProperties": {
+ "type": "string",
+ "title": "エンドポイントの URL"
+ }
+ }
 }
 },
 "additionalProperties": false
diff --git a/express/src/app.ts b/express/src/app.ts
index 4e7fdd614..e9e95c1dc 100644
--- a/express/src/app.ts
+++ b/express/src/app.ts
@@ -49,6 +49,14 @@ app.use(
 /* CSP */
 res.setHeader('Content-Security-Policy', config.response.header.csp);
+ /* Report */
+ res.setHeader(
+ 'Reporting-Endpoints',
+ Object.entries(config.response.header.reporting_endpoints)
+ .map((endpoint) => `${endpoint.at(0) ?? ''}="${endpoint.at(1) ?? ''}"`)
+ .join(','),
+ );
+
 /* MIME スニッフィング抑止 */
 res.setHeader('X-Content-Type-Options', 'nosniff');
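Review bot: The new `reporting_endpoints` schema in the second express.json hunk accepts any property name and any string value, so a mistyped endpoint name or an empty URL passes validation and only shows up later as reports that never arrive. The names become keys of a structured-field dictionary, so they could be constrained with `"propertyNames": { "pattern": "^[a-z*][a-z0-9_.*-]*$" }`, and the URL string could carry `"minLength": 1`. The names presumably also have to match the `report-to` values inside the `csp`, `csp_html` and `cspro_html` strings, which this schema cannot check, so that link is worth stating in a `description` on the property. Because the first hunk adds the key to `required`, config files that do not define it yet will presumably fail validation.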
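Review bot: The `Reporting-Endpoints` value in the added `res.setHeader` call is built by plain string interpolation, so a config key that is not a valid structured-field key, or a URL containing `"` or `\`, produces a header the browser cannot parse. A structured field that fails to parse is ignored as a whole, so one bad entry would silently disable report delivery for every endpoint, including the CSP reports this header exists to collect. The `endpoint.at(0) ?? ''` fallbacks also hide the fact that `Object.entries` always yields a two-element pair, where destructuring `([name, url])` would read more directly. The value is recomputed on every request although it depends only on config, so it can be built and validated once at start-up. The `app.use(` callback starts and ends outside this hunk.

```typescript
// Built once at start-up instead of on every request.
const reportingEndpoints = Object.entries(config.response.header.reporting_endpoints)
	.map(([name, url]) => {
		// Structured-field dictionary key: starts with a-z or *, then a-z 0-9 _ - . *
		if (!/^[a-z*][a-z0-9_.*-]*$/.test(name)) {
			throw new Error(`Invalid Reporting-Endpoints name: ${name}`);
		}
		// Structured-field string: escape the two characters that would end or corrupt the quoted value
		return `${name}="${url.replace(/["\\]/g, '\\$&')}"`;
	})
	.join(', ');

// … unchanged: CSP header …
/* Report */
if (reportingEndpoints !== '') {
	res.setHeader('Reporting-Endpoints', reportingEndpoints);
}
```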