How to accept application/csp-report as json in express and bodyParser?

后端未结

关注

 2  1306

I\'m trying to write a middleware to accept CSP report from browser. Browser issues application/csp-report as Content-Type. The request being poste

相关标签:

2条回答

礼貌的吻别

2021-01-14 03:01
Since it is actually JSON you can inform Express of that fact like this:
```
app.use(bodyParser.json({type: 'application/csp-report'}));
```
Note however some browsers use application/csp-report, some application/JSON so I set both:
```
app.use(bodyParser.json({type: 'application/json'}));
app.use(bodyParser.json({type: 'application/csp-report'}));
```
If it helps I've code for a (very simple) Node Report service here: https://www.tunetheweb.com/security/http-security-headers/csp/
0 讨论(0)
发布评论:

提交评论
- 加载中...

小鲜肉

2021-01-14 03:09

In addition to @Barry's answer, you can set endpoint path more specifically:

app.use('/report-violation', bodyParser.json({ type: 'application/json' }));
app.use('/report-violation', bodyParser.json({ type: 'application/csp-report' }));
app.use('/report-violation', (req, res) => {
  // handle req.body
});

0 讨论(0)