Class: Dispatch::Rails::ReportingEndpointMiddleware

Inherits:
Object
  • Object
show all
Defined in:
lib/dispatch/rails/reporting_endpoint_middleware.rb

Overview

Terminal Rack endpoint for the browser Reporting API. Point a CSP ‘report-uri`/`report-to` group (or any Reporting-Endpoints group) at config.reporting_endpoint_path and the browser POSTs its reports straight here — no host controller required. Each report becomes a synthetic exception pushed through Reporter.capture, so it lands as a first-class event with the usual sampling, before_send, and transport applied.

Opt-in (config.capture_browser_reports). When disabled — or for any request that isn’t a POST to the configured path — it passes straight through. When it does handle a request it answers 204 itself and never calls downstream, so the configured path must be one no host route uses.

Pick ONE CSP mechanism: this endpoint OR the JS securitypolicyviolation listener (config.capture_csp_violations). Enabling both, with report-uri aimed here, double-counts every violation.

Constant Summary collapse

MAX_BODY_BYTES = 
64_000
MAX_REPORTS = 
50
NO_CONTENT = 
[204, { "Content-Type" => "text/plain" }, []].freeze

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ ReportingEndpointMiddleware

Returns a new instance of ReportingEndpointMiddleware.



33
34
35
 
# File 'lib/dispatch/rails/reporting_endpoint_middleware.rb', line 33

def initialize(app)
  @app = app
end

Instance Method Details

#call(env) ⇒ Object 



37
38
39
40
41
42
43
44
45
46
47
 
# File 'lib/dispatch/rails/reporting_endpoint_middleware.rb', line 37

def call(env)
  config = Dispatch::Rails.configuration
  return @app.call(env) unless handles?(config, env)

  capture_reports(env)
  NO_CONTENT
rescue StandardError => e
  # A report endpoint must never error the browser's beacon — always 204.
  warn "[dispatch-rails] reporting endpoint failed: #{e.class}: #{e.message}"
  NO_CONTENT
end