ruby
11 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
class CspReportsController < ActionController::API
def create
Rails.logger.warn({
event: 'csp_report',
report: params.to_unsafe_h,
ip: request.remote_ip,
}.to_json)
head :no_content
end
end
1 file · ruby
Explain with highlit
I like CSP reporting because it reveals both rollout mistakes and active attack attempts. The endpoint should accept reports quietly, avoid noisy validation failure loops, and forward the data into normal observability systems. Reporting without triage is just another log sink.
Share this code
Here's the card — post it anywhere.