bretto36/csp-reporting
======================

CSP Reporting for Laravel Applications

1.0.0 (1y ago) · MIT · PHP ^8.1

[Source](https://github.com/bretto36/csp-reporting) · [Packagist](https://packagist.org/packages/bretto36/csp-reporting)

CSP Reporting Engine
====================


This project is a Content Security Policy (CSP) reporting engine built to work with Laravel. It receives CSP violation reports sent to a `report-uri` endpoint and logs them using Laravel exceptions.

Installation
------------


1. Install the package with Composer:

    ```
    composer require bretto36/csp-reporting
    ```
2. Publish the configuration file:

    ```
    php artisan vendor:publish --provider="Bretto36\CspReporting\ServiceProvider"
    ```
3. Configure the package. Add the following environment variable to your `.env` file:

    ```
    CSP_REPORTING_ENABLED=true
    ```

    The default route for the CSP Reporting engine is `/csp-reporting/report`.

    To adjust the route suffix `report` you can add an environment variable:

    ```
    CSP_REPORTING_URI=/different-path
    ```

    If you'd like to customise the route prefix or middleware you can do so in the configuration file.

    ```
    'route' => [
       'prefix'     => 'csp-reporting', // Alter this to a different prefix
       'middleware' => ['web'], // Change the middleware you want to use
    ],
    ```
4. If using Spatie's Laravel CSP package, you can add the following to the `report-uri` directive in your CSP header:

    ```
    'report-uri' => 'https://www.yourdomain.com/csp-reporting/report',
    ```
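5. Exclude the route from CSRF verification by adding `'csp-reporting/*'` to the excluded URIs of the `VerifyCsrfToken` middleware. Browsers send violation reports without a CSRF token, so the endpoint would otherwise reject them.
6. To silence some CSP reports, add a Laravel event listener for the `CspViolationReportReceived` event: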

    ```
    use Bretto36\CspReporting\Events\CspViolationReportReceived;
    use Illuminate\Support\Facades\Event;

    Event::listen(CspViolationReportReceived::class, function (CspViolationReportReceived $event) {
        if ($event->violationReport->data->blocked_uri === 'https://example.com') {
            $event->shouldReport = false;
        }
    });
    ```

    Or, for Laravel 11 with automatic event discovery, simply create a listener:

    ```
    php artisan make:listener CspViolationReportReceivedListener
    ```
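
A listener class for the generated file, as an added example (not the package's own code): it silences a report only when the blocked URI's parsed scheme or host matches exactly, so a look-alike host such as `example.com.evil.test` is still reported. The `App\Listeners` location, the two ignore lists and the `isIgnored` helper are assumptions; the event properties are the ones used in the closure above.

```php
<?php

namespace App\Listeners;

use Bretto36\CspReporting\Events\CspViolationReportReceived;

// Added example, not part of the package.
class CspViolationReportReceivedListener
{
    // Assumption: schemes that only browser extensions load resources from.
    private const IGNORED_SCHEMES = ['chrome-extension', 'moz-extension', 'safari-web-extension'];

    // Assumption: hosts whose violations are known noise (constructed value).
    private const IGNORED_HOSTS = ['example.com'];

    public function handle(CspViolationReportReceived $event): void
    {
        // Property names as used in the README's closure example.
        $blockedUri = $event->violationReport->data->blocked_uri ?? null;

        if (is_string($blockedUri) && $this->isIgnored($blockedUri)) {
            $event->shouldReport = false;
        }
    }

    private function isIgnored(string $blockedUri): bool
    {
        $parts = parse_url($blockedUri);

        // Keywords such as "inline" or "eval" have no scheme: always report them.
        if ($parts === false || !isset($parts['scheme'])) {
            return false;
        }

        $scheme = strtolower($parts['scheme']);
        if (in_array($scheme, self::IGNORED_SCHEMES, true)) {
            return true;
        }

        // Compare the whole host, never a prefix or substring of the URI.
        $host = strtolower($parts['host'] ?? '');

        return $scheme === 'https' && in_array($host, self::IGNORED_HOSTS, true);
    }
}
```

Keep the ignore lists short and reviewed: every entry is a class of violation that will never reach the logs.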

