Stand-Up reporting service for CSP deployment
For testing our CSP rollout we need a server that can record all CSP violations. CSP violations are delivered via JSON and a simple POST request to a specified URL. There are several libraries out there that will save these reports to a database and provide some reporting on the violations.
We can use Sentry but last time we tried it was overloaded. I don't anticipate that happening this time because I want to roll things out slowly to a small subset of users, but you never know for sure.
The reporting service can be a DO droplet with postgres and a tool like: https://github.com/bu-ist/csp-report
Or we can use a hosted service like: https://report-uri.io/
In the end, all we really need is a web service that can log POST requests.