From d40396f33ffeb944a9223a85a9468851bf151068 Mon Sep 17 00:00:00 2001
From: Ruben Arakelyan
Date: Thu, 21 Mar 2019 11:28:13 +0000
Subject: [PATCH] Change CSP report URL to AWS Lambda function

This commit changes the URL that content security policy violations are reported to to a new AWS Lambda function that filters out most junk reports and forwards the rest to Sentry.
---
 config/initializers/csp.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/config/initializers/csp.rb b/config/initializers/csp.rb
index 6fb96f72d..ea4c6572e 100644
--- a/config/initializers/csp.rb
+++ b/config/initializers/csp.rb
@@ -139,9 +139,10 @@ def self.build
 end
 
 # In test and development, use CSP for real to find issues. In production we only
-# report violations to Sentry (https://sentry.io/govuk/govuk-frontend-csp).
+# report violations to Sentry (https://sentry.io/govuk/govuk-frontend-csp) via an
+# AWS Lambda function that filters out junk reports.
 if Rails.env.production?
-  reporting = "report-uri https://sentry.io/api/1377947/security/?sentry_key=f7898bf4858d436aa3568ae042371b94"
+  reporting = "report-uri https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production"
   Rails.application.config.action_dispatch.default_headers['Content-Security-Policy-Report-Only'] = CSP.build + " " + reporting
 else
   Rails.application.config.action_dispatch.default_headers['Content-Security-Policy'] = CSP.build
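Review bot: The new `reporting` line hard-codes the API Gateway stage URL of the Lambda, so rotating or replacing the endpoint (or pointing a staging build at a different collector) needs a code change and redeploy; reading it from configuration with the current value as the fallback keeps behaviour identical while making the endpoint operable, e.g. `reporting = "report-uri #{ENV.fetch('CSP_REPORT_URI', 'https://jhpno0hk6b.execute-api.eu-west-2.amazonaws.com/production')}"`. The updated comment says the Lambda filters junk reports but not where that filter lives or how Sentry is reached from it; a one-line pointer such as `# The Lambda's source and its Sentry forwarding configuration live in <REPO-OR-RUNBOOK-PLACEHOLDER>.` would save the next maintainer a hunt. Separately, the unchanged context line joins the header as `CSP.build + " " + reporting`, which only yields a separate `report-uri` directive if `CSP.build` already ends in `;`; if it does not, `report-uri` would be parsed as a source expression of the last directive and reports would never be sent, so this is worth confirming against `CSP.build` (defined above the hunk) or joining with `"; "` instead. The `if Rails.env.production?` block's closing `end` lies outside the hunk.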