Generate NGINX Content-Security-Policy headers from HTML files

Project description

NGINX Content-Security-Policy header generator

This tool will generate Content-Security-Policy headers for a NGINX configuration file from import domains in HTML files.

Usage

To generate Content-Security-Policy headers from HTML files in a path you can use the following command:

nginxcsp /path/to/html/files --out /path/to/nginx.conf --override

the command will generate Content-Security-Policy, X-Content-Security-Policy and X-WebKit-CSP headers for all server blocks of your nginx.conf file and remove the past ones. The headers will be generate from the tags in your html files, for example if you have an HTML file with the tag <script src="https://cdnjs.cloudflare.com/some-script.js"></script> you would get the header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudfare.com; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'self'".

If you would like to create only the Content-Security-Policy header you can use the flag --csp, the same applies for X-Content-Security-Policy with --xcsp and for X-WebKit-CSP with --xwebkit.

You can get all the usage help using nginxcsp -h:

usage: nginxcsp html_path

Search content loading sources in HTML files and Content-Security-Policy
headers automatically.

positional arguments:
  html_path             the path of the HTML files

optional arguments:
  -h, --help            show this help message and exit
  --out OUT             NGINX configuration file to output the generated
                        headers
  --server_name SERVER_NAME
                        the server_name in the NGINX server block to add CSP
                        headers
  --port PORT           the port from "listen {port}" line in a NGINX server
                        block to add CSP headers
  --override            flag to override the headers in the out file
  --csp                 flag to generate only the Content-Security-Policy
                        header
  --xcsp                flag to generate only the X-Content-Security-Policy
                        header
  --xwebkit             flag to generate only the X-WebKit-CSP header

Project details

Release history Release notifications | RSS feed

This version

0.1.0

Aug 2, 2019

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nginxcsp-0.1.0.tar.gz (10.8 kB view hashes)

Uploaded Aug 2, 2019 source

Built Distribution

nginxcsp-0.1.0-py3-none-any.whl (16.7 kB view hashes)

Uploaded Aug 2, 2019 py3

Hashes for nginxcsp-0.1.0.tar.gz

Hashes for nginxcsp-0.1.0.tar.gz
Algorithm	Hash digest
SHA256	`432b65ac50710257db0f49b575057b25552d016e55d67cbcbda1445a4be6f2d9`
MD5	`2c18c5573ab996c2e1c3218ffde3d44c`
BLAKE2-256	`88bc4aba3450102ad196b9871626451f8601cbccc746b729ec91a93eedab65e5`

Hashes for nginxcsp-0.1.0-py3-none-any.whl

Hashes for nginxcsp-0.1.0-py3-none-any.whl
Algorithm	Hash digest
SHA256	`cc4af13a9a974bec1b481f49f1c18bf966cdf93d761a80f2ae10ee2c75b9bb28`
MD5	`09984a72309918ae48ee4218a6ad8db8`
BLAKE2-256	`5b6ad6e862288ecc9a2bb436129e662f6f9092b13a4430dacfe104f83f1e3714`