reporting-api
Roll your own Reporting API collector. Supports CSP, COEP, COOP, Document-Policy, Crash reports, Deprecation reports, Intervention reports and Network Error Logging
import { z } from 'zod';
/**
 * Body of a `csp-violation` report.
 *
 * Security note: every value is supplied by the reporting client. The schema
 * checks types only: strings are unbounded and URL-valued fields are not
 * checked for URL syntax. Treat the parsed result as untrusted input when
 * storing it, logging it, or rendering it in a dashboard.
 */
const ContentSecurityPolicyReport = z
  .object({
    blockedURL: z.string(),
    columnNumber: z.number().optional(),
    // 'report' corresponds to a report-only policy.
    disposition: z.enum(['enforce', 'report']),
    // Expected to hold a URL, but only validated as a string.
    documentURL: z.string(),
    effectiveDirective: z.string(),
    lineNumber: z.number().optional(),
    originalPolicy: z.string(),
    referrer: z.string().optional(),
    // NOTE(review): presumably a snippet of the blocked content, so it may
    // contain page data. Confirm retention/redaction requirements.
    sample: z.string().optional(),
    sourceFile: z.string().optional(),
    statusCode: z.number().optional(),
  })
  // Keys not listed above are kept in the parsed output, unvalidated.
  .passthrough();
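/**
 * Body of a `coop` (Cross-Origin-Opener-Policy) report.
 *
 * Security note: all values are client-supplied. The enums constrain
 * `disposition`, `effectivePolicy` and `type`; the remaining strings are
 * unbounded and URL-valued fields are not checked for URL syntax.
 */
const CrossOriginOpenerPolicyReport = z
  .object({
    disposition: z.enum(['reporting', 'enforce']),
    effectivePolicy: z.enum([
      'unsafe-none',
      'same-origin',
      'same-origin-allow-popups',
      'same-origin-plus-coep',
    ]),
    // Each accepted value is listed once; the original list repeated
    // 'access-to-coop-page-from-opener'.
    type: z.enum([
      'navigate-to-document',
      'navigate-from-document',
      'navigation-from-response',
      'navigation-to-response',
      'access-to-coop-page-from-opener',
      'access-from-coop-page-to-opener',
      'access-from-coop-page-to-other',
      'access-from-coop-page-to-openee',
      'access-to-coop-page-from-openee',
      'access-to-coop-page-from-other',
    ]),
    columnNumber: z.number().optional(),
    initialPopupURL: z.string().optional(),
    lineNumber: z.number().optional(),
    // Expected to hold a URL, but only validated as a string.
    openeeURL: z.string().optional(),
    // Name of the accessed property, e.g. `closed`, `postMessage`.
    property: z.string().optional(),
    // Expected to hold a URL, but only validated as a string.
    sourceFile: z.string().optional(),
  })
  // Keys not listed above are kept in the parsed output, unvalidated.
  .passthrough();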
/**
 * Body of a `coep` (Cross-Origin-Embedder-Policy) report.
 *
 * Security note: all values are client-supplied. Only `disposition` is
 * restricted to a fixed set; `type` and `destination` accept any string.
 */
const CrossOriginEmbedderPolicyReport = z
  .object({
    disposition: z.enum(['reporting', 'enforce']),
    // Expected to hold a URL, but only validated as a string.
    blockedURL: z.string().optional(),
    /**
     * Kind of violation. Values noted by the author:
     * - navigation
     * - worker initialization
     * - corp
     *
     * Not enforced: any string passes validation.
     */
    type: z.string(),
    /**
     * Set on `type: 'corp'`, e.g. `script`, `iframe`.
     */
    destination: z.string().optional(),
  })
  // Keys not listed above are kept in the parsed output, unvalidated.
  .passthrough();
/**
 * Body of a `network-error` (Network Error Logging) report.
 *
 * Every listed field is required. Security note: all values are
 * client-supplied and only type-checked. For example, `server_ip` is not
 * validated as an IP address, and `referrer` is not validated as a URL.
 */
const NetworkErrorLogging = z
  .object({
    elapsed_time: z.number(),
    method: z.string(),
    // e.g. `application`
    phase: z.string(),
    protocol: z.string(),
    referrer: z.string(),
    sampling_fraction: z.number(),
    server_ip: z.string(),
    status_code: z.number(),
    // e.g. `http.error`
    type: z.string(),
  })
  // Keys not listed above are kept in the parsed output, unvalidated.
  .passthrough();
/**
 * Body of a `permissions-policy-violation` report.
 *
 * Security note: `message` and `sourceFile` are client-supplied free text.
 * Escape them before rendering, and bound their size before storing.
 */
const PermissionsPolicyViolation = z
  .object({
    message: z.string(),
    disposition: z.enum(['report', 'enforce']),
    /**
     * The violated policy, e.g. `accelerometer`, `autoplay`, ...
     * Any string passes validation.
     */
    policyId: z.string(),
    columnNumber: z.number().optional(),
    lineNumber: z.number().optional(),
    sourceFile: z.string(),
  })
  // Keys not listed above are kept in the parsed output, unvalidated.
  .passthrough();
/**
 * Body of a `potential-permissions-policy-violation` report.
 *
 * All five fields are required. Apart from `disposition`, each is an
 * unbounded client-supplied string.
 */
const PotentialPermissionsPolicyViolation = z
  .object({
    allowAttribute: z.string(),
    disposition: z.enum(['report', 'enforce']),
    message: z.string(),
    policyId: z.string(),
    srcAttribute: z.string(),
  })
  // Keys not listed above are kept in the parsed output, unvalidated.
  .passthrough();
/**
 * Body of an `intervention` report.
 *
 * There is no `.passthrough()` here, so zod's default object handling
 * applies to keys that are not listed.
 * `message` and `sourceFile` are client-supplied and only type-checked.
 */
const InterventionReport = z.object({
  id: z.string(),
  message: z.string(),
  columnNumber: z.number().optional(),
  lineNumber: z.number().optional(),
  sourceFile: z.string().optional(),
});
/**
 * Body of a `crash` report.
 *
 * There is no `.passthrough()` here, so zod's default object handling
 * applies to keys that are not listed.
 */
const CrashReport = z.object({
  /**
   * Crash reason, when the client provides one.
   *
   * - `oom` Out of memory
   *
   * Any string passes validation.
   */
  reason: z.string().optional(),
});
/**
 * Body of a `deprecation` report.
 *
 * There is no `.passthrough()` here, so zod's default object handling
 * applies to keys that are not listed.
 * `message` and `sourceFile` are client-supplied and only type-checked.
 */
const DeprecationReport = z.object({
  id: z.string(),
  message: z.string(),
  columnNumber: z.number().optional(),
  lineNumber: z.number().optional(),
  sourceFile: z.string().optional(),
});
/**
 * A complete report: a body selected by the `type` discriminator,
 * intersected with the envelope fields common to every report.
 *
 * A `type` outside the literals listed below fails validation.
 *
 * Security note: the envelope fields (`url`, `user_agent`, `version`) come
 * from the reporting client and are only type-checked. Treat them as
 * untrusted, like the bodies.
 */
const Report = z
  .discriminatedUnion('type', [
    z.object({
      type: z.literal('csp-violation'),
      body: ContentSecurityPolicyReport,
    }),
    z.object({
      type: z.literal('coop'),
      body: CrossOriginOpenerPolicyReport,
    }),
    z.object({
      type: z.literal('coep'),
      body: CrossOriginEmbedderPolicyReport,
    }),
    z.object({
      type: z.literal('deprecation'),
      body: DeprecationReport,
    }),
    z.object({
      type: z.literal('crash'),
      body: CrashReport,
    }),
    z.object({
      type: z.literal('intervention'),
      body: InterventionReport,
    }),
    z.object({
      type: z.literal('network-error'),
      body: NetworkErrorLogging,
    }),
    z.object({
      type: z.literal('permissions-policy-violation'),
      body: PermissionsPolicyViolation,
    }),
    z.object({
      type: z.literal('potential-permissions-policy-violation'),
      body: PotentialPermissionsPolicyViolation,
    }),
  ])
  .and(
    z.object({
      /**
       * URL of the page where the violation occurred.
       * Only validated as a string.
       */
      url: z.string(),
      /**
       * Age of the report in milliseconds
       */
      age: z.number(),
      user_agent: z.string(),
      /**
       * Your policy version
       */
      version: z.string().optional(),
      /**
       * The format the report was received in
       *
       * - `report-uri` legacy csp report-uri attribute
       * - `report-to` Reporting API report
       * - `report-to-safari` Safari is not sending buffered reports, fields in camelCase, body in `body` instead of `csp-report` etc
       */
      report_format: z.enum([
        'report-uri',
        'report-to',
        'report-to-safari',
      ]),
    }),
  );
export { ContentSecurityPolicyReport, CrashReport, CrossOriginEmbedderPolicyReport, CrossOriginOpenerPolicyReport, DeprecationReport, InterventionReport, NetworkErrorLogging, PermissionsPolicyViolation, PotentialPermissionsPolicyViolation, Report };
//# sourceMappingURL=schemas.js.map