Google Cloud Report-URI Function Handler

A decent application isn't one that runs fast and reliably, and has many features, but is also robust and resilient and we enter it knowing that over time things could possibly break, malicious users will try break things, and system standards will change.

Monitoring an app and generating developer actionable events is one of the ways we can keep an app running for the long term.

This small repo is a Google Cloud hosted function that we can setup and forget about. It will run free, triggered only by each invocation.

An invocation takes places when an end users web browser detects a problem with a web application. For example, a bad or malconfigured TLS certificate. Or perhaps a violation of the defined Content Security Policy.

Both these types of warning are essential in the early warning that something is not right, especially since they are related to security.  A CSP violation for example, might mean someone is trying to inject unauthorised resources into the application somehow.

A Report-URI standard exists whereby a receiver URL is included in HTTP response headers and will get pinged with a report with the types of errors described above.  My function here will receive and parse said error reports, and save them within Google Cloud reporting, where they can be actioned and alerted depending on the volume or frequency of the reports.

Source code: https://github.com/samkelleher/gcloud-func-report-uri