Skip to main content

Generate NGINX Content-Security-Policy headers from HTML files

Project description

NGINX Content-Security-Policy header generator

Build Status Coverage Status

This tool will generate Content-Security-Policy headers for a NGINX configuration file from import domains in HTML files.

Usage

To generate Content-Security-Policy headers from HTML files in a path you can use the following command:

nginxcsp /path/to/html/files --out /path/to/nginx.conf --override

the command will generate Content-Security-Policy, X-Content-Security-Policy and X-WebKit-CSP headers for all server blocks of your nginx.conf file and remove the past ones. The headers will be generate from the tags in your html files, for example if you have an HTML file with the tag <script src="https://cdnjs.cloudflare.com/some-script.js"></script> you would get the header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudfare.com; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'".

If you would like to create only the Content-Security-Policy header you can use the flag --csp, the same applies for X-Content-Security-Policy with --xcsp and for X-WebKit-CSP with --xwebkit.

You can get all the usage help using nginxcsp -h:

usage: nginxcsp html_path

Search content loading sources in HTML files and Content-Security-Policy
headers automatically.

positional arguments:
  html_path             the path of the HTML files

optional arguments:
  -h, --help            show this help message and exit
  --out OUT             NGINX configuration file to output the generated
                        headers
  --server_name SERVER_NAME
                        the server_name in the NGINX server block to add CSP
                        headers
  --port PORT           the port from "listen {port}" line in a NGINX server
                        block to add CSP headers
  --override            flag to override the headers in the out file
  --csp                 flag to generate only the Content-Security-Policy
                        header
  --xcsp                flag to generate only the X-Content-Security-Policy
                        header
  --xwebkit             flag to generate only the X-WebKit-CSP header

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nginxcsp-0.1.0.tar.gz (10.8 kB view details)

Uploaded Source

Built Distribution

nginxcsp-0.1.0-py3-none-any.whl (16.7 kB view details)

Uploaded Python 3

File details

Details for the file nginxcsp-0.1.0.tar.gz.

File metadata

  • Download URL: nginxcsp-0.1.0.tar.gz
  • Upload date:
  • Size: 10.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.3

File hashes

Hashes for nginxcsp-0.1.0.tar.gz
Algorithm Hash digest
SHA256 432b65ac50710257db0f49b575057b25552d016e55d67cbcbda1445a4be6f2d9
MD5 2c18c5573ab996c2e1c3218ffde3d44c
BLAKE2b-256 88bc4aba3450102ad196b9871626451f8601cbccc746b729ec91a93eedab65e5

See more details on using hashes here.

File details

Details for the file nginxcsp-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: nginxcsp-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 16.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.0.1 requests-toolbelt/0.9.1 tqdm/4.32.2 CPython/3.7.3

File hashes

Hashes for nginxcsp-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cc4af13a9a974bec1b481f49f1c18bf966cdf93d761a80f2ae10ee2c75b9bb28
MD5 09984a72309918ae48ee4218a6ad8db8
BLAKE2b-256 5b6ad6e862288ecc9a2bb436129e662f6f9092b13a4430dacfe104f83f1e3714

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page