Set a target endpoint for the browser to send the report:

function add_csp_header() {
header("Content-Security-Policy-Report-Only: 
    report-uri ".get_bloginfo('url')."/csp-endpoint;
    script-src 'self'");
    //some more, since only one header is rejected
}
add_action('send_headers', 'add_csp_header',10);

The csp-endpoint file at the root is:

Report-To: { "group": "csp-endpoint",
          "max_age": 10886400,
          "endpoints": [
            { "url": "http://localhost:8888/wordpress/csp-endpoint" }
          ] }

The console reports for requests:

POST > http://localhost:8888/wordpress/csp-endpoint
Status 200 OK
Version HTTP/1.1
transmitted 762 B (194 B size)
//many headers

This section contains the data that I want to retrieve:

Request:
csp-report*** //the data that i want to retrieve

and the response body:

Response:
Report-To: { "group": "csp-endpoint",
          "max_age": 10886400,
          "endpoints": [
            { "url": "http://localhost:8888/wordpress/csp-endpoint" }
          ] }

The data I want to retrieve and save to a file is present in the Request. How do I have to go about it?

I tried to establish a rest_api custom endpoint, listening to posts from the browser; I therefore assume the method has to be 'GET':

function test_csp_route() {
register_rest_route( 'csp/v2', '/csp-endpoint', array(
    'methods'  => 'GET',
    'callback' => 'load_request',
    'permission_callback' => '__return_true',
    ) );
}
add_action( 'rest_api_init', 'test_csp_route' );

Then I added this callback:

function load_request() {
  $url = get_bloginfo('url').'/csp-endpoint';
  // Send remote request
  $request = wp_remote_get($url);
  // Retrieve information
  $response_code = wp_remote_retrieve_response_code($request);
  $response_message = wp_remote_retrieve_response_message($request);
  $response_body = wp_remote_retrieve_body($request);


  if (!is_wp_error($request) ) {
     return new WP_REST_Response(
      array(
        'status' => $response_code,
        'response' => $response_message,
        'body_response' => $response_body,
      )
    );
  } else {
    return new WP_Error($response_code, $response_message,   $response_body);
  }
}

But going to my custom endpoint /wp-json/csp/v2/csp-endpoint only shows:

JSON
Status: 200,
Response: OK
body_response:'Report-To: { "group": "csp-endpoint",\n "max_age": 10886400,\n "endpoints": [\n { "url": "http://localhost:8888/wordpress/csp-endpoint" }\n ] }\n'

But this is not my goal; I want to retrieve the request***. How do I have to design my callback to achieve that? Is it really necessary to create a custom rest_api endpoint with a callback? Can the request body be retrieved directly from http://localhost:8888/wordpress/csp-endpoint and saved to a file?

asked Sep 8, 2024 at 13:06 by gurky, edited Sep 10, 2024 at 15:32

2 Answers

For sure, you are missing the required argument permission_callback.

If you want this endpoint to be public you add it like this:

'permission_callback' => '__return_true'

It is tricky, because the documentation does not tell you directly that this one is required. From version 5.5 you only have a debug note that this argument is required.

Also, in your callback function you have the param $request, which will provide you details from the request; no need to use WP_REST_Request like that.

/**
 * Creates parsed post based on content from Surfer.
 *
 * @param WP_REST_Request $request - request object.
 * @return WP_REST_Response
 */
public function surfer_import_post( $request ) {
    // Get Param
    $something = $request->get_param( 'something' );

    // Return response
    return new WP_REST_Response(
        array(
            'message' => __( 'Hurray!', 'your_namespace' ),
        ),
        200
    );
}

Simple solution to catch CSP reports and save them

CSP-Header for testing purposes:

$csp = "script-src 'self'; report-uri ".get_bloginfo('url')."/process-csp-reports.php";
header("Content-Security-Policy-Report-Only: $csp");

process-csp-reports.php at the root:

<?php // Note: this script requires PHP ≥ 5.4.
// Send `204 No Content` status code.
http_response_code(204);
// Get the raw POST data.
$data = file_get_contents('php://input');
// Only continue if it’s valid JSON that is not just `null`, `0`, `false` or an
// empty string, i.e. if it could be a CSP violation report.
if ($data = json_decode($data)) {
    // Prettify the JSON-formatted data.
    $data = json_encode(
        $data,
        JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES
    );
    $log_filename = "csp-reports";
    file_put_contents($log_filename, $data . "\n", FILE_APPEND);
}
?>

Source

This may not be the WordPress way, but it works. The CSP reports are saved to csp-reports (text file) at the root.
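A REST-route version of the collector, as an added example that is not code from the question or from either answer: the route accepts POST, reads the raw report with `$request->get_body()`, and appends a size-capped, field-filtered record to a log. The constants `CSP_REPORT_LOG` and `CSP_REPORT_MAX_BYTES`, the callback name `csp_store_report` and the list of kept fields are assumptions made for illustration; the log path should point somewhere the web server does not serve.

```php
<?php
// Added example (assumptions: constant names, log path and kept fields are hypothetical).
// Point CSP_REPORT_LOG at a location the web server does not serve.
define( 'CSP_REPORT_LOG', dirname( ABSPATH ) . '/csp-reports.jsonl' );
define( 'CSP_REPORT_MAX_BYTES', 8192 ); // constructed cap; real reports are small

// Advertise the REST route as the report target (report-only, as in the question).
add_action( 'send_headers', function () {
    header( "Content-Security-Policy-Report-Only: script-src 'self'; report-uri "
        . rest_url( 'csp/v2/csp-endpoint' ) );
} );

// The browser POSTs the report, so the route has to accept POST.
add_action( 'rest_api_init', function () {
    register_rest_route( 'csp/v2', '/csp-endpoint', array(
        'methods'             => 'POST',
        'callback'            => 'csp_store_report',
        'permission_callback' => '__return_true', // browsers report unauthenticated
    ) );
} );

function csp_store_report( WP_REST_Request $request ) {
    $type    = $request->get_content_type();
    $allowed = array( 'application/csp-report', 'application/json' );
    if ( ! $type || ! in_array( $type['value'], $allowed, true ) ) {
        return new WP_Error( 'csp_bad_type', 'Unsupported content type', array( 'status' => 415 ) );
    }
    $raw = $request->get_body(); // raw POST body, i.e. the "Request" pane in the console
    if ( strlen( $raw ) > CSP_REPORT_MAX_BYTES ) {
        return new WP_Error( 'csp_too_large', 'Report too large', array( 'status' => 413 ) );
    }
    $json   = json_decode( $raw, true );
    $report = is_array( $json ) && isset( $json['csp-report'] ) ? $json['csp-report'] : null;
    if ( ! is_array( $report ) ) {
        return new WP_Error( 'csp_bad_report', 'Not a CSP report', array( 'status' => 400 ) );
    }
    // Keep only known string fields, truncated, so callers cannot stuff the log.
    $keep   = array( 'document-uri', 'violated-directive', 'effective-directive', 'blocked-uri', 'source-file' );
    $record = array( 'time' => gmdate( 'c' ) );
    foreach ( $keep as $key ) {
        if ( isset( $report[ $key ] ) && is_string( $report[ $key ] ) ) {
            $record[ $key ] = mb_substr( $report[ $key ], 0, 512 );
        }
    }
    // One JSON object per line: encoding escapes newlines, LOCK_EX serialises writers.
    $line = wp_json_encode( $record, JSON_UNESCAPED_SLASHES ) . "\n";
    file_put_contents( CSP_REPORT_LOG, $line, FILE_APPEND | LOCK_EX );
    return new WP_REST_Response( null, 204 );
}
```

Because the endpoint is necessarily unauthenticated, anyone can post to it; the size cap and field allow-list bound what each request can write, and rate limiting at the web server is the place to bound how often.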
