Differences

This shows you the differences between two versions of the page.

--- administration:security:content_security_policy [2020/06/29 20:03] – [Best Practices / Recommendations] demiankatz
+++ administration:security:content_security_policy [2020/06/30 10:12] – [Enforcing vs. Reporting] demiankatz
@@ Line 11: / Line 11: @@
 ==== Configuration File ====
-All settings related to Content Security Policies can be found in contentsecuritypolicy.ini.
+All settings related to Content Security Policies can be found in [[https://github.com/vufind-org/vufind/blob/master/config/vufind/contentsecuritypolicy.ini|contentsecuritypolicy.ini]].
 ==== Enforcing vs. Reporting ====
@@ Line 19: / Line 19: @@
 === Receiving Reports ===
-When in reporting mode, you can set the report-to setting in contentsecuritypolicy.ini to send reports of violations to a URI that implements a simple API. VuFind does not currently include a built-in reporting endpoint, but several options exist, including:
+When in reporting mode, you can set the report-to setting in [[https://github.com/vufind-org/vufind/blob/master/config/vufind/contentsecuritypolicy.ini|contentsecuritypolicy.ini]] to send reports of violations to a URI that implements a simple API. VuFind does not currently include a built-in reporting endpoint, but several options exist, including:
   * [[https://github.com/seek-oss/csp-server|seek-oss/csp-server]] - an open source, Node.js-based solution
   * [[https://report-uri.com/|ReportURI]] - a commercial, cloud-based service
+  * [[https://docs.sentry.io/error-reporting/security-policy-reporting/|Sentry]] - a commercial, cloud-based service
+All violations are usually reported in browser's console too, but it is preferable to set up some service to ensure you able to catch all issues your users could be facing.
 ===== Best Practices / Recommendations =====