observe_content_security_report/2

Handle a content security report

Type:

notify_sync

This notification is sent when the report controller receives a content security report. It carries the type, url and body of the report.

Be aware that a content security report may contain untrusted data, so make sure to properly sanitize any output when handling this notification. The url field is sanitized and checked to confirm that it belongs to the site, but the body field is not sanitized by Zotonic and may contain any data.

#content_security_report{} properties:

  • type: binary

  • url: binary

  • body: map

  • user_agent: binary
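An added example of an observer for this notification (not part of Zotonic or this page): a hypothetical site module that logs each report while treating every body value as untrusted. The module name, the maximum field length and the body key names (taken from the Reporting API CSP body format, assuming the controller passes the decoded JSON body through unchanged) are assumptions.

```erlang
%% Hypothetical site module: logs CSP violation reports defensively.
-module(mod_csp_report_logger).

-include_lib("zotonic_core/include/zotonic.hrl").
-include_lib("kernel/include/logger.hrl").

-export([
    observe_content_security_report/2,
    summarize_report/1
]).

%% Maximum number of bytes kept from any untrusted body value (assumption).
-define(MAX_FIELD_LEN, 512).

%% Called synchronously by the report controller; the return value is ignored.
observe_content_security_report(#content_security_report{} = Report, Context) ->
    Summary = summarize_report(Report),
    ?LOG_WARNING(Summary#{
        in => zotonic_core,
        text => <<"Content security report received">>,
        site => z_context:site(Context)
    }),
    ok.

%% Build a log-safe summary. Only the url is trusted (Zotonic has already
%% checked it); every body value is coerced to a bounded, HTML-escaped binary
%% before it is logged or shown anywhere.
summarize_report(#content_security_report{ type = Type, url = Url, body = Body, user_agent = UA }) ->
    #{
        report_type => Type,
        url => Url,
        user_agent => clean(UA),
        %% Key names as sent in a Reporting API CSP report body (assumption).
        blocked_url => clean(maps:get(<<"blockedURL">>, Body, <<>>)),
        effective_directive => clean(maps:get(<<"effectiveDirective">>, Body, <<>>)),
        disposition => clean(maps:get(<<"disposition">>, Body, <<>>))
    }.

%% Coerce any decoded JSON value to a binary, cap its length and escape HTML
%% so it is safe to render in an admin page or log viewer.
clean(V) when is_binary(V) ->
    Truncated = case byte_size(V) > ?MAX_FIELD_LEN of
        true -> binary:part(V, 0, ?MAX_FIELD_LEN);
        false -> V
    end,
    z_html:escape(Truncated);
clean(V) when is_list(V); is_map(V) ->
    clean(iolist_to_binary(io_lib:format("~p", [V])));
clean(V) ->
    clean(z_convert:to_binary(V)).
```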

See also: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Security-Policy/report-to