refactor(CspController): don't include "original-policy" field into logs.

php-coder · php-coder · commit b36ebc3d193a · 2020-01-23T22:57:33.000Z
Fix #1242
diff --git a/src/main/java/ru/mystamps/web/feature/site/CspController.java b/src/main/java/ru/mystamps/web/feature/site/CspController.java
@@ -27,12 +27,17 @@
 import org.springframework.web.bind.annotation.RestController;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.regex.Pattern;
 
 @RestController
 @Slf4j
 public class CspController {
 	private static final String UNKNOWN = "<unknown>";
 
+	private static final Pattern ORIGINAL_POLICY_PATTERN = Pattern.compile(
+		"\"original-policy\":\"[^\"]+\","
+	);
+	
 	@PostMapping(SiteUrl.CSP_REPORTS_HANDLER)
 	@ResponseStatus(HttpStatus.NO_CONTENT)
 	public void handleReport(
@@ -41,9 +46,11 @@ public void handleReport(
 		@RequestHeader(name = "user-agent", defaultValue = UNKNOWN) String userAgent) {
 		
 		String ip = StringUtils.defaultString(request.getRemoteAddr(), UNKNOWN);
-		
 		log.warn("CSP report from IP: {}, user agent: {}", ip, userAgent);
-		log.warn(body);
+
+		// Omit "original-policy" as it quite long and useless most of the time
+		String report = ORIGINAL_POLICY_PATTERN.matcher(body).replaceFirst(StringUtils.EMPTY);
+		log.warn(report);
 	}
 
 }
