{"id":16149929,"url":"https://github.com/aeyoll/morbo","last_synced_at":"2025-04-06T22:18:43.030Z","repository":{"id":57640297,"uuid":"347872231","full_name":"aeyoll/morbo","owner":"aeyoll","description":"Morbo, a CSP Reporter","archived":false,"fork":false,"pushed_at":"2022-08-23T08:56:19.000Z","size":250,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-28T07:35:01.949Z","etag":null,"topics":["csp","rust","tide"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aeyoll.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-03-15T07:15:43.000Z","updated_at":"2022-01-07T11:19:58.000Z","dependencies_parsed_at":"2022-09-05T07:40:18.430Z","dependency_job_id":null,"html_url":"https://github.com/aeyoll/morbo","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeyoll%2Fmorbo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeyoll%2Fmorbo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeyoll%2Fmorbo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aeyoll%2Fmorbo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aeyoll","download_url":"https://codeload.github.com/aeyoll/morbo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247557749,"owners_count":20958047,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csp","rust","tide"],"created_at":"2024-10-10T00:45:57.662Z","updated_at":"2025-04-06T22:18:42.997Z","avatar_url":"https://github.com/aeyoll.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Morbo, a CSP Reporter\n\n[![LICENSE](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)\n[![Build Status](https://github.com/aeyoll/morbo/actions/workflows/ci.yml/badge.svg)](https://github.com/aeyoll/morbo/actions/workflows/ci.yml)\n[![Crates.io Version](https://img.shields.io/crates/v/morbo.svg)](https://crates.io/crates/morbo)\n[![Minimum rustc version](https://img.shields.io/badge/rustc-1.49.0+-lightgray.svg)](#rust-version-requirements)\n\n![Morbo, a CSP Reporter](https://github.com/aeyoll/morbo/blob/main/.github/logo.jpg?raw=true)\n\nThe HTTP Content-Security-Policy `report-to` (and the deprecated `report-uri`) response header directive instructs the user agent to report attempts to violate the Content Security Policy. These violation reports consist of JSON documents sent via an HTTP POST request to the specified URI.\n\nThis Rust crate is an endpoint to receive those reports and send them to an email address.\n\nInstall\n---\n\nFirst, install using cargo. You must choose the channels you want to receive notifications on, using the `--features` command line arg.\n\n`mail` and `sentry` are currently available.\n\n```\ncargo install morbo --features=mail,sentry\n```\n\nThen, setup some environment variables:\n\n```\nMORBO_MAILER_FROM_NAME=Example\nMORBO_MAILER_FROM_EMAIL=example@example.org\nMORBO_MAILER_TO_NAME=Example\nMORBO_MAILER_TO_EMAIL=example@example.org\nMORBO_MAILER_SMTP_HOSTNAME=localhost\nMORBO_MAILER_SMTP_PORT=1025\nMORBO_MAILER_SMTP_USERNAME=\nMORBO_MAILER_SMTP_PASSWORD=\n\nMORBO_SENTRY_DSN=\n```\n\nUsage\n---\n\n```\nmorbo --port=8080 # (port is optionnal, default 8080)\n```\n\nThen, setup a reverse proxy in your webserver. For example, in nginx:\n\n```\nlocation /_/csp-reports {\n    proxy_pass http://127.0.0.1:8080;\n}\n```\n\nIn the website you want to report CPS, set the following headers:\n\n```\nReport-To: {\"group\": \"csp-endpoint\",\"max_age\": 10886400,\"endpoints\": [{ \"url\": \"http://example.org/_/csp-reports\" }]});\nContent-Security-Policy: default-src 'self'; report-to csp-endpoint; report-uri http://example.org/_/csp-reports;');\n```\n\nEvent though `report-uri` is deprecated, `report-to` is not supported in every browser.\n\nRust version requirements\n---\n\nRust \u003e= 1.49.0+","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faeyoll%2Fmorbo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faeyoll%2Fmorbo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faeyoll%2Fmorbo/lists"}