Generate NGINX Content-Security-Policy headers from HTML files
Project description
NGINX Content-Security-Policy header generator
This tool will generate Content-Security-Policy
headers for a NGINX configuration file from import domains in HTML files.
Usage
To generate Content-Security-Policy
headers from HTML files in a path you can use the following command:
nginxcsp /path/to/html/files --out /path/to/nginx.conf --override
the command will generate Content-Security-Policy
, X-Content-Security-Policy
and X-WebKit-CSP
headers for all server
blocks of your nginx.conf
file and remove the past ones. The headers will be generate from the tags in your html files, for example if you have an HTML file with the tag <script src="https://cdnjs.cloudflare.com/some-script.js"></script>
you would get the header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudfare.com; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'"
.
If you would like to create only the Content-Security-Policy
header you can use the flag --csp
, the same applies for X-Content-Security-Policy
with --xcsp
and for X-WebKit-CSP
with --xwebkit
.
You can get all the usage help using nginxcsp -h
:
usage: nginxcsp html_path
Search content loading sources in HTML files and Content-Security-Policy
headers automatically.
positional arguments:
html_path the path of the HTML files
optional arguments:
-h, --help show this help message and exit
--out OUT NGINX configuration file to output the generated
headers
--server_name SERVER_NAME
the server_name in the NGINX server block to add CSP
headers
--port PORT the port from "listen {port}" line in a NGINX server
block to add CSP headers
--override flag to override the headers in the out file
--csp flag to generate only the Content-Security-Policy
header
--xcsp flag to generate only the X-Content-Security-Policy
header
--xwebkit flag to generate only the X-WebKit-CSP header
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.