Tools for handling and reviewing Content Security Policies in use. These are written with automation in mind; in the absence of other apis or automated tools (to date).

This code is open source software licensed under the Apache 2.0 License.

• Google direct checker - one by one method, not an api
• Chrome Extension for insite checks
• Google documentation fundamentals article
• Negative impacts of getting them wrong
• Ionos blog post
• The CSP spec (v3.0)

The best entry point to understanding the code is the tests; reading the tests should give you an idea of usecases. More docs will be incrementally added.

For the best way to run the tests it's worth setting your environment up as follows:

1. install pyenv (this will pick up the python version from .python-version)
2. install poetry (with the above version of python)
3. run poetry install
4. run poetry show to check project details

• pyenv installation guide
• poetry installation guide
• ...and useful blog
• poetry cli reference

on the command line from the project root run poetry run pytest

on the command line from the project root run poetry build

If you can't find this package as csp-tool on pypi.org (and therefore pip) you can still install it as a module in your consuming project by using

pip install /path/to/csp_tool-0.1.0-py3-none-any.whl

or list ./../relative/path/to/csp_tool-0.1.0-py3-none-any.whl in your requirements.txt file.

If you're using Poetry in your own project you can add this to your pyproject.toml

[tool.poetry.dependencies]
my-package = { file = "path/to/csp_tool-0.1.0-py3-none-any.whl" }