csp-tool
Tools for handling and reviewing Content Security Policies in use. They are written with automation in mind, in the absence (to date) of other APIs or automated tools.
License
This code is open source software licensed under the Apache 2.0 License.
Handy Content Security Policy references
- Google direct checker - one-by-one method, not an API
- Chrome extension for in-site checks
- Google documentation fundamentals article
- Negative impacts of getting them wrong
- Ionos blog post
- The CSP spec (v3.0)
Dev: Using the source
The best entry point to understanding the code is the tests; reading the tests should give you an idea of the use cases. More docs will be added incrementally.
Set up
For the best way to run the tests it's worth setting your environment up as follows:
- install pyenv (this will pick up the python version from .python-version)
- install poetry (with the above version of python)
- run poetry install
- run poetry show to check project details
Useful resources
Run tests
On the command line, from the project root, run poetry run pytest
Building source & wheel
On the command line, from the project root, run poetry build
Consume in your project
If you can't find this package as csp-tool on pypi.org (and therefore pip) you can still install it as a module in your consuming project by using pip install /path/to/csp_tool-0.1.0-py3-none-any.whl or list ./../relative/path/to/csp_tool-0.1.0-py3-none-any.whl in your requirements.txt file.
If you're using Poetry in your own project you can add this to your pyproject.toml:
[tool.poetry.dependencies]
my-package = { file = "path/to/csp_tool-0.1.0-py3-none-any.whl" }