ruby 11 lines · 1 tab

CSP report endpoint for monitoring attempted browser policy violations

Kai Nakamura Apr 2026
1 tab
class CspReportsController < ActionController::API
  def create
    Rails.logger.warn({
      event: 'csp_report',
      report: params.to_unsafe_h,
      ip: request.remote_ip,
    }.to_json)

    head :no_content
  end
end
1 file · ruby Explain with highlit

I like CSP reporting because it reveals both rollout mistakes and active attack attempts. The endpoint should accept reports quietly, avoid noisy validation failure loops, and forward the data into normal observability systems. Reporting without triage is just another log sink.

Share this code

Here's the card — post it anywhere.

CSP report endpoint for monitoring attempted browser policy violations — share card
Link copied