reporting-api
Roll your own Reporting API collector. Supports CSP, COEP, COOP, Document-Policy, Crash reports, Deprecation reports, Intervention reports and Network Error Logging
'use strict';
var zod = require('zod');
// Field definitions for the body of a `csp-violation` report.
// Every string below is checked for type only: there is no length cap and
// the URL-carrying fields are not parsed as URLs, so consumers should bound
// and encode these values before storing, logging or rendering them.
const contentSecurityPolicyReportShape = {
  blockedURL: zod.z.string(),
  columnNumber: zod.z.number().optional(),
  disposition: zod.z.enum(['enforce', 'report']),
  documentURL: zod.z.string(), // URL, accepted as a plain string
  effectiveDirective: zod.z.string(),
  lineNumber: zod.z.number().optional(),
  originalPolicy: zod.z.string(),
  referrer: zod.z.string().optional(),
  sample: zod.z.string().optional(),
  sourceFile: zod.z.string().optional(),
  statusCode: zod.z.number().optional(),
};

/**
 * Schema for the body of a Content-Security-Policy violation report.
 *
 * `.passthrough()` keeps keys that are not declared in the shape, so
 * unrecognized fields sent with a report survive into the parsed result.
 */
const ContentSecurityPolicyReport = zod.z
  .object(contentSecurityPolicyReportShape)
  .passthrough();
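/**
 * Schema for the body of a Cross-Origin-Opener-Policy (`coop`) report.
 *
 * `disposition`, `effectivePolicy` and `type` are restricted to the listed
 * values; all other fields are optional and checked for type only (the
 * URL-carrying strings are not parsed as URLs and have no length cap).
 * `.passthrough()` keeps undeclared keys in the parsed result.
 */
const CrossOriginOpenerPolicyReport = zod.z
  .object({
    disposition: zod.z.enum(['reporting', 'enforce']),
    effectivePolicy: zod.z.enum([
      'unsafe-none',
      'same-origin',
      'same-origin-allow-popups',
      'same-origin-plus-coep',
    ]),
    // Each accepted violation type is listed exactly once.
    type: zod.z.enum([
      'navigate-to-document',
      'navigate-from-document',
      'navigation-from-response',
      'navigation-to-response',
      'access-to-coop-page-from-opener',
      'access-from-coop-page-to-opener',
      'access-from-coop-page-to-other',
      'access-from-coop-page-to-openee',
      'access-to-coop-page-from-openee',
      'access-to-coop-page-from-other',
    ]),
    columnNumber: zod.z.number().optional(),
    initialPopupURL: zod.z.string().optional(),
    lineNumber: zod.z.number().optional(),
    openeeURL: zod.z.string().optional(), // URL, accepted as a plain string
    property: zod.z.string().optional(), // e.g. closed, postMessage
    sourceFile: zod.z.string().optional(), // URL, accepted as a plain string
  })
  .passthrough();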
// Field definitions for the body of a `coep` report.
const crossOriginEmbedderPolicyReportShape = {
  disposition: zod.z.enum(['reporting', 'enforce']),
  blockedURL: zod.z.string().optional(), // URL, accepted as a plain string
  /**
   * Kind of violation. Documented values:
   * - navigation
   * - worker initialization
   * - corp
   *
   * Declared as a free-form string, so other values also validate.
   */
  type: zod.z.string(),
  /**
   * Set on `type: 'corp'`, e.g. script, iframe
   */
  destination: zod.z.string().optional(),
};

/**
 * Schema for the body of a Cross-Origin-Embedder-Policy report.
 *
 * `.passthrough()` keeps undeclared keys in the parsed result.
 */
const CrossOriginEmbedderPolicyReport = zod.z
  .object(crossOriginEmbedderPolicyReportShape)
  .passthrough();
// Field definitions for the body of a `network-error` report.
// All nine fields are required. The strings are type-checked only:
// `server_ip` is not validated as an IP address and `referrer` is not
// parsed as a URL.
const networkErrorLoggingShape = {
  elapsed_time: zod.z.number(),
  method: zod.z.string(),
  phase: zod.z.string(), // e.g. application
  protocol: zod.z.string(),
  referrer: zod.z.string(),
  sampling_fraction: zod.z.number(),
  server_ip: zod.z.string(),
  status_code: zod.z.number(),
  type: zod.z.string(), // e.g. http.error
};

/**
 * Schema for the body of a Network Error Logging report.
 *
 * `.passthrough()` keeps undeclared keys in the parsed result.
 */
const NetworkErrorLogging = zod.z
  .object(networkErrorLoggingShape)
  .passthrough();
// Field definitions for the body of a `permissions-policy-violation` report.
const permissionsPolicyViolationShape = {
  message: zod.z.string(),
  disposition: zod.z.enum(['report', 'enforce']),
  /**
   * The violated policy
   * `accelerometer`, `autoplay`, ...
   */
  policyId: zod.z.string(),
  columnNumber: zod.z.number().optional(),
  lineNumber: zod.z.number().optional(),
  sourceFile: zod.z.string(), // required here, unlike the other report bodies
};

/**
 * Schema for the body of a Permissions-Policy violation report.
 *
 * `message`, `policyId` and `sourceFile` are free-form strings with no
 * length or format constraint. `.passthrough()` keeps undeclared keys in
 * the parsed result.
 */
const PermissionsPolicyViolation = zod.z
  .object(permissionsPolicyViolationShape)
  .passthrough();
// Field definitions for the body of a
// `potential-permissions-policy-violation` report. Every field is required.
const potentialPermissionsPolicyViolationShape = {
  allowAttribute: zod.z.string(),
  disposition: zod.z.enum(['report', 'enforce']),
  message: zod.z.string(),
  policyId: zod.z.string(),
  srcAttribute: zod.z.string(),
};

/**
 * Schema for the body of a potential Permissions-Policy violation report.
 *
 * The attribute and message fields are free-form strings (type check only).
 * `.passthrough()` keeps undeclared keys in the parsed result.
 */
const PotentialPermissionsPolicyViolation = zod.z
  .object(potentialPermissionsPolicyViolationShape)
  .passthrough();
// Field definitions for the body of an `intervention` report.
const interventionReportShape = {
  id: zod.z.string(),
  message: zod.z.string(),
  columnNumber: zod.z.number().optional(),
  lineNumber: zod.z.number().optional(),
  sourceFile: zod.z.string().optional(),
};

/**
 * Schema for the body of an intervention report.
 *
 * No `.passthrough()` is applied, so zod's default object handling is used
 * and keys outside the shape are not carried into the parsed result.
 * NOTE(review): this differs from the policy-report schemas in this file,
 * which do pass unknown keys through; confirm the difference is intended.
 */
const InterventionReport = zod.z.object(interventionReportShape);
// Field definitions for the body of a `crash` report.
const crashReportShape = {
  /**
   * Crash reason
   *
   * - `oom` Out of memory
   *
   * Declared as an optional free-form string, so other values also validate.
   */
  reason: zod.z.string().optional(),
};

/**
 * Schema for the body of a crash report.
 *
 * No `.passthrough()` is applied, so keys outside the shape are not carried
 * into the parsed result.
 */
const CrashReport = zod.z.object(crashReportShape);
// Field definitions for the body of a `deprecation` report.
const deprecationReportShape = {
  id: zod.z.string(),
  message: zod.z.string(),
  columnNumber: zod.z.number().optional(),
  lineNumber: zod.z.number().optional(),
  sourceFile: zod.z.string().optional(),
};

/**
 * Schema for the body of a deprecation report.
 *
 * No `.passthrough()` is applied, so keys outside the shape are not carried
 * into the parsed result.
 */
const DeprecationReport = zod.z.object(deprecationReportShape);
// One entry per supported report kind. The `type` literal is the
// discriminator that selects which body schema is applied.
const reportVariants = [
  zod.z.object({
    type: zod.z.literal('csp-violation'),
    body: ContentSecurityPolicyReport,
  }),
  zod.z.object({
    type: zod.z.literal('coop'),
    body: CrossOriginOpenerPolicyReport,
  }),
  zod.z.object({
    type: zod.z.literal('coep'),
    body: CrossOriginEmbedderPolicyReport,
  }),
  zod.z.object({
    type: zod.z.literal('deprecation'),
    body: DeprecationReport,
  }),
  zod.z.object({
    type: zod.z.literal('crash'),
    body: CrashReport,
  }),
  zod.z.object({
    type: zod.z.literal('intervention'),
    body: InterventionReport,
  }),
  zod.z.object({
    type: zod.z.literal('network-error'),
    body: NetworkErrorLogging,
  }),
  zod.z.object({
    type: zod.z.literal('permissions-policy-violation'),
    body: PermissionsPolicyViolation,
  }),
  zod.z.object({
    type: zod.z.literal('potential-permissions-policy-violation'),
    body: PotentialPermissionsPolicyViolation,
  }),
];

// Fields shared by every report regardless of `type`. The strings carry no
// length or format constraint: `url` is not parsed as a URL and
// `user_agent` is accepted verbatim.
const reportEnvelope = zod.z.object({
  /**
   * URL of the page where the violation occurred
   */
  url: zod.z.string(),
  /**
   * Age of the report in milliseconds
   */
  age: zod.z.number(),
  user_agent: zod.z.string(),
  /**
   * Your policy version
   */
  version: zod.z.string().optional(),
  /**
   * The format the report was received in
   *
   * - `report-uri` legacy csp report-uri attribute
   * - `report-to` Reporting API report
   * - `report-to-safari` Safari is not sending buffered reports, fields in camelCase, body in `body` instead of `csp-report` etc
   */
  report_format: zod.z.enum(['report-uri', 'report-to', 'report-to-safari']),
});

/**
 * Schema for a complete report: a `type`/`body` pair chosen from the
 * variants above, intersected with the shared envelope fields.
 *
 * A `type` outside the listed literals fails validation.
 */
const Report = zod.z
  .discriminatedUnion('type', reportVariants)
  .and(reportEnvelope);
// Public CommonJS exports: one schema per report body type, plus `Report`,
// the combined schema that pairs a body with the shared envelope fields.
exports.ContentSecurityPolicyReport = ContentSecurityPolicyReport;
exports.CrashReport = CrashReport;
exports.CrossOriginEmbedderPolicyReport = CrossOriginEmbedderPolicyReport;
exports.CrossOriginOpenerPolicyReport = CrossOriginOpenerPolicyReport;
exports.DeprecationReport = DeprecationReport;
exports.InterventionReport = InterventionReport;
exports.NetworkErrorLogging = NetworkErrorLogging;
exports.PermissionsPolicyViolation = PermissionsPolicyViolation;
exports.PotentialPermissionsPolicyViolation = PotentialPermissionsPolicyViolation;
exports.Report = Report;
//# sourceMappingURL=schemas.cjs.map