CSP Violation Reports
When something on a page violates the Content-Security-Policy, and the
policy defines a report-uri directive, the user agent may POST a
report. Reports are JSON blobs containing information about how the
policy was violated.
Note: django-csp no longer handles report processing itself, so you will need to stand up your own app to receive them, or else make use of a third-party report processing service.
Throttling the number of reports
To throttle the number of requests made to your report-uri endpoint, you
can use csp.contrib.rate_limiting.RateLimitedCSPMiddleware instead of
csp.middleware.CSPMiddleware and set the CSP_REPORT_PERCENTAGE option:
CSP_REPORT_PERCENTAGEPercentage of requests that should see the
report-uridirective. Use this to throttle the number of CSP violation reports made to yourCSP_REPORT_URI. A float between 0 and 1 (0 = no reports at all). Ignored ifCSP_REPORT_URIisn’t set.