34
Views
6
Comments
How to turn off CSPReport
Question

Hi all,


Our CSP report is flooding our error log with errors and I wanted to know how can I turn off this report?

Rank: #207

João Forte Carvalho wrote:

Hi all,


Our CSP report is flooding our error log with errors and I wanted to know how can I turn off this report?

Hi Joao check if in this page has the information you seek: https://success.outsystems.com/Documentation/11/Managing_the_Applications_Lifecycle/Secure_the_Applications/Apply_Content_Security_Policy


It replaces with <internal> as soon as I try to save it blank

mvp_badge
MVP
Rank: #75

Hi João,

Indeed the CSP reporting cannot be turned off AFAIK.

All the reports are being posted via this internal REST API. From there on the CSP violations (meaning: blocked resources) are being written to the Error logs.

I'm just thinking out loud here, but stopping this would mean either disabling the SecurityUtils module via Service Center (which we cannot do since this module is not even listed) or maybe try and block the API calls with firewall software (which I would not recommended since that could lead to possible platform misbehavior and moreover these reports are needed in order to monitor CSP violations).

Anyhow, I agree that it would be better if the logs could be redirected elsewhere. So thanks for sharing the idea Gonçalo, I voted on it :).

Regards,

Nordin