Skip to main content

Generate NGINX Content-Security-Policy headers from HTML files

Project description

NGINX Content-Security-Policy header generator

Build Status Coverage Status

This tool will generate Content-Security-Policy headers for a NGINX configuration file from import domains in HTML files.


To generate Content-Security-Policy headers from HTML files in a path you can use the following command:

nginxcsp /path/to/html/files --out /path/to/nginx.conf --override

the command will generate Content-Security-Policy, X-Content-Security-Policy and X-WebKit-CSP headers for all server blocks of your nginx.conf file and remove the past ones. The headers will be generate from the tags in your html files, for example if you have an HTML file with the tag <script src=""></script> you would get the header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'".

If you would like to create only the Content-Security-Policy header you can use the flag --csp, the same applies for X-Content-Security-Policy with --xcsp and for X-WebKit-CSP with --xwebkit.

You can get all the usage help using nginxcsp -h:

usage: nginxcsp html_path

Search content loading sources in HTML files and Content-Security-Policy
headers automatically.

positional arguments:
  html_path             the path of the HTML files

optional arguments:
  -h, --help            show this help message and exit
  --out OUT             NGINX configuration file to output the generated
  --server_name SERVER_NAME
                        the server_name in the NGINX server block to add CSP
  --port PORT           the port from "listen {port}" line in a NGINX server
                        block to add CSP headers
  --override            flag to override the headers in the out file
  --csp                 flag to generate only the Content-Security-Policy
  --xcsp                flag to generate only the X-Content-Security-Policy
  --xwebkit             flag to generate only the X-WebKit-CSP header

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nginxcsp-0.1.0.tar.gz (10.8 kB view hashes)

Uploaded source

Built Distribution

nginxcsp-0.1.0-py3-none-any.whl (16.7 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page