/report-to

Middleware for setting the Report-To HTTP response header

Primary LanguageJavaScriptMIT LicenseMIT

Report To

npm version dependencies Status Actions Status Coverage Status FOSSA Status

This is Express middleware to set the Report-To HTTP response header. You can read more about it here and here.

To use:

const reportTo = require('report-to')

// ...

app.use(reportTo({
  groups: [
    {
      group: "endpoint-1",
      max_age: 10_886_400,
      include_subdomains: true,
      endpoints: [
        {
          url: "https://example.com/reports",
          priority: 1
        },
        {
          url: "https://backup.com/reports",
          priority: 2
        }
      ]
    }
  ]
}))

When set alone, this header doesn't do anything and will need to be set with a header that allows reporting, such as Content-Security-Policy, NEL, etc.

For example, using the above definition, a NEL header may look like the following, using endpoint-1 as its report-to parameter: NEL: {"report_to":"endpoint-1","max_age":31536000,"include_subdomains":true} You can use this module to set an NEL header easily with express.

https://report-uri.com/ is a great reporting platform for monitoring CSP, NEL, etc. error logs.

License

FOSSA Status