Skip to content
/ Reporting-Endpoint-Worker Public

Reporting API v1 Endpoint implementation based on Cloudflare Workers as per www.w3.org/TR/reporting-1/. Uses Cloudflare D1 for storing reports. Compatible with the Workers Free Tier.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MexHigh/Reporting-Endpoint-Worker

BranchesTags

Repository files navigation

Reporting Endpoint Worker

Reporting API v1 Endpoint implementation based on Cloudflare Workers as per www.w3.org/TR/reporting-1/. Uses Cloudflare D1 for storing reports. Compatible with the Workers Free Tier.

Currently, this tool only collects (and prunes) the reports, but does no analysis with it. It is however planned to add some alerting or summary functionality to this project.

Currently supported report types:

  • CSP Violations → csp-violation
  • Deprecations → deprecation
  • Interventions → intervention
  • Network Error Logging (NEL) → network-error (experimental)
  • Crash Reports → crash (experimental)
  • Permissions Policy Violations → permissions-policy-violations (experimental)

See here for instructions on setting up the Reporting Headers to utilize this endpoint. Keep in mind that this Spec is currently experimental and only supported in Chromium based browsers out of the box (Firefox supports it via a config variable)!

Deploy

  1. Login to Cloudflare with Wrangler (Wrangler can be invoked with npx wrangler <commands>)
  2. Create a D1 database
  3. Copy wrangler.example.toml to wrangler.toml
  4. Edit wrangler.toml:
    • Change the desired Worker name (optional)
    • Fill in your D1 details (database_name and database_id, do not edit the binding!)
  5. Initialize the database: npx wrangler d1 migrations apply --remote <database_name>
  6. Deploy the worker: npm run deploy (a new Worker will be created for you with the name, bindings and routes you have configured in wrangler.toml)

Upgrade

Doing upgrades to this tool which require database migrations can be done without losing data. Just pull the current version of this repo and run the migrations:

  • git pull
  • npx wrangler d1 migrations list --remote <database_name> (to check which migrations must be applied)
  • npx wrangler d1 migrations apply --remote <database_name>
  • npm run deploy

Pruning old reports

To prevent the database from filling up indefinitely, it is "pruned" every night at 00:00 UTC by deleting the oldest entries to reduce the table entry count to 1000 per report type. This results in a maximum of 6000 entries in total (6 report types * 1000) but may exceed over the day depending on how many reports you are receiving (NEL reports in particular fill the database very quickly).

The maximum number of reports per type to keep can be configured in wrangler.toml in the [vars] section via the KEEP_REPORTS variable.

About

Reporting API v1 Endpoint implementation based on Cloudflare Workers as per www.w3.org/TR/reporting-1/. Uses Cloudflare D1 for storing reports. Compatible with the Workers Free Tier.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages