Skip to main content
Join the official 2019 Python Developers SurveyStart the survey!

Generate NGINX Content-Security-Policy headers from HTML files

Project description

NGINX Content-Security-Policy header generator

Build Status Coverage Status

This tool will generate Content-Security-Policy headers for a NGINX configuration file from import domains in HTML files.

Usage

To generate Content-Security-Policy headers from HTML files in a path you can use the following command:

nginxcsp /path/to/html/files --out /path/to/nginx.conf --override

the command will generate Content-Security-Policy, X-Content-Security-Policy and X-WebKit-CSP headers for all server blocks of your nginx.conf file and remove the past ones. The headers will be generate from the tags in your html files, for example if you have an HTML file with the tag <script src="https://cdnjs.cloudflare.com/some-script.js"></script> you would get the header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudfare.com; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'".

If you would like to create only the Content-Security-Policy header you can use the flag --csp, the same applies for X-Content-Security-Policy with --xcsp and for X-WebKit-CSP with --xwebkit.

You can get all the usage help using nginxcsp -h:

usage: nginxcsp html_path

Search content loading sources in HTML files and Content-Security-Policy
headers automatically.

positional arguments:
  html_path             the path of the HTML files

optional arguments:
  -h, --help            show this help message and exit
  --out OUT             NGINX configuration file to output the generated
                        headers
  --server_name SERVER_NAME
                        the server_name in the NGINX server block to add CSP
                        headers
  --port PORT           the port from "listen {port}" line in a NGINX server
                        block to add CSP headers
  --override            flag to override the headers in the out file
  --csp                 flag to generate only the Content-Security-Policy
                        header
  --xcsp                flag to generate only the X-Content-Security-Policy
                        header
  --xwebkit             flag to generate only the X-WebKit-CSP header

Project details


Release history Release notifications

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for nginxcsp, version 0.1.0
Filename, size File type Python version Upload date Hashes
Filename, size nginxcsp-0.1.0-py3-none-any.whl (16.7 kB) File type Wheel Python version py3 Upload date Hashes View hashes
Filename, size nginxcsp-0.1.0.tar.gz (10.8 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page