I noticed some weird entries in the logs. It looks like there were a couple of CSP Violation errors from an unknown domain and JSONP.
Is there a way to find out more about the visitor who triggered that error? (IP address or username) Would an error like this be triggered if a user pasted the URL into the Discourse editor? I don’t think they can do anything with that, but it would be good to know if it’s a specific user.
Message CSP Violation: 'https://shady_domain.com/some_dir/some_path?jsonp=some_params' Backtrace /var/www/discourse/app/controllers/csp_reports_controller.rb:9:in `create' /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-126.96.36.199/lib/action_controller/metal/basic_implicit_render.rb:6:in `send_action' /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-188.8.131.52/lib/abstract_controller/base.rb:195:in `process_action' /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-184.108.40.206/lib/action_controller/metal/rendering.rb:30:in `process_action' /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/actionpack-220.127.116.11/lib/abstract_controller/callbacks.rb:42:in `block in process_action' /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/activesupport-18.104.22.168/lib/active_support/callbacks.rb:112:in `block in run_callbacks' /var/www/discourse/app/controllers/application_controller.rb:354:in `block in with_resolved_locale' /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/i18n-1.8.5/lib/i18n.rb:313:in `with_locale' /var/www/discourse/app/controllers/application_controller.rb:354:in `with_resolved_locale' /var/www/discourse/vendor/bundle/ruby/2.6.0/gems/activesupport-22.214.171.124/lib/active_support/callbacks.rb:121:in `block in run_callbacks' Env HTTP HOSTS: forum.example.com
I’ve searched around in the logs and database, but I haven’t been able to find that URL. It looks like it’s done with Logster. The Logster docs say that the default location for logs is
/var/log/logster but I don’t see them in
/var/discourse/shared/standalone/log/var-log on the host or
/var/log inside of the app container.