Tools for handling and reviewing Content Security Policies in use. These are written with automation in mind, in the absence (to date) of other APIs or automated tools.
This code is open source software licensed under the Apache 2.0 License.
- Google direct checker - one-by-one method, not an API
- Chrome Extension for in-site checks
- Google documentation fundamentals article
- Negative impacts of getting them wrong
- Ionos blog post
- The CSP spec (v3.0)
The best entry point to understanding the code is the tests; reading the tests should give you an idea of the use cases. More docs will be added incrementally.
For the best way to run the tests it's worth setting your environment up as follows:
- install pyenv (this will pick up the python version from .python-version)
- install poetry (with the above version of python)
- run `poetry install`
- run `poetry show` to check project details

To run the tests, on the command line from the project root run `poetry run pytest`.

To build the package, on the command line from the project root run `poetry build`.
If you can't find this package as csp-tool on pypi.org (and therefore pip) you can still install it as a module in your consuming project by using `pip install /path/to/csp_tool-0.1.0-py3-none-any.whl` or list `./../relative/path/to/csp_tool-0.1.0-py3-none-any.whl` in your requirements.txt file.
If you're using Poetry in your own project you can add this to your pyproject.toml:

```toml
[tool.poetry.dependencies]
# The key is the package name (csp-tool); the path points at the built wheel.
csp-tool = { file = "path/to/csp_tool-0.1.0-py3-none-any.whl" }
```