task(/site/csp/reports): introduce the endpoint for gathering CSP violation reports.

Fix #1058

Author: annazarubina

src/main/java/ru/mystamps/web/feature/site/CspController.java

@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2009-2019 Slava Semushin <slava.semushin@gmail.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+package ru.mystamps.web.feature.site;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+@Slf4j
+public class CspController {
+
+	@PostMapping(SiteUrl.CSP_REPORTS_HANDLER)
+	@ResponseStatus(HttpStatus.NO_CONTENT)
+	public void handleReport(@RequestBody String body) {
+		log.warn(body);
+	}
+
+}

src/main/java/ru/mystamps/web/feature/site/SiteConfig.java

@@ -85,6 +85,11 @@ public SitemapController sitemapController() {
 			return new SitemapController(seriesService);
 		}
 
+		@Bean
+		public CspController cspController() {
+			return new CspController();
+		}
+
 	}
 
 	@RequiredArgsConstructor

src/main/java/ru/mystamps/web/feature/site/SiteUrl.java

@@ -39,6 +39,7 @@ public final class SiteUrl {
 	public static final String SITEMAP_XML         = "/sitemap.xml";
 
 	public static final String SITE_EVENTS_PAGE    = "/site/events";
+	public static final String CSP_REPORTS_HANDLER = "/site/csp/reports";
 
 	public static final String FORBIDDEN_PAGE      = "/error/403";
 	public static final String NOT_FOUND_PAGE      = "/error/404";

src/main/java/ru/mystamps/web/support/spring/security/SecurityConfig.java

@@ -135,7 +135,7 @@ protected void configure(HttpSecurity http) throws Exception {
 				// Allow unsecured requests to H2 consoles.
 				// See also spring.h2.console.path in application-test.properties and
 				// ContentSecurityPolicyHeaderWriter.H2_CONSOLE_PATTERN
-				.ignoringAntMatchers("/console/**")
+				.ignoringAntMatchers("/console/**", SiteUrl.CSP_REPORTS_HANDLER)
 				.and()
 			.rememberMe()
 				// FIXME: GH #27