
Show HN: A builder tool to help generate CSPs in a type-safe way - pgilad
https://github.com/pgilad/csp-builder
======
jamieweb
This looks good - it's great to see development in the CSP space since it's
such a great yet not widely used feature.

I've also made something on the same lines as this, although not as a complete
tool like yours. Essentially I have a default policy for my site, but I can
manually override individual directives on a per-page basis. I called it 'CSP
Extreme': [https://www.jamieweb.net/blog/taking-content-security-policy...](https://www.jamieweb.net/blog/taking-content-security-policy-to-the-extreme-policies-on-a-per-page-basis/)

~~~
pgilad
Thanks! I like your work on it. I have several ideas on how to generally
improve the CSP development that I want to implement, and needed a good
infrastructure for doing it:

- CSP optimizations, like removing redundant fields (like a minifier)
- CSP parsing
- CSP security warnings or rating (like for unsafe eval)
- CSP Presets, might be general presets, or extendable presets for various
  tools, like Google Analytics for example
- CSP deprecations and level supports

So far, I've created this tool to help me with its usage (See
[https://github.com/pgilad/www.giladpeleg.com/blob/master/scr...](https://github.com/pgilad/www.giladpeleg.com/blob/master/scripts/generate-csp.ts)),
but the best feature is by far using TypeScript (I considered using
Java) for typed directives and sources.
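
A sketch of two ideas from this thread, a site-wide default policy with per-page directive overrides and a warning pass for `'unsafe-eval'`, written as an added example: it is not code from csp-builder or from either commenter's site. All type and function names, and the sample hosts, are assumptions made for illustration.

```typescript
// Added example; CspDirective, CspSource, CspPolicy and the functions below
// are hypothetical names, not the csp-builder API.
type CspDirective =
  | "default-src" | "script-src" | "style-src" | "img-src" | "connect-src";
type CspKeyword = "'self'" | "'none'" | "'unsafe-inline'" | "'unsafe-eval'";
// A typo such as "self" (missing quotes) or "http://..." fails to compile.
type CspSource = CspKeyword | `https://${string}`;
type CspPolicy = Partial<Record<CspDirective, CspSource[]>>;

// Site-wide default (constructed sample values).
const defaultPolicy: CspPolicy = {
  "default-src": ["'none'"],
  "script-src": ["'self'"],
  "style-src": ["'self'"],
  "img-src": ["'self'"],
};

// A page override replaces the whole directive; it never appends to the
// default, so a page cannot silently inherit sources it did not list.
function policyForPage(base: CspPolicy, override: CspPolicy): CspPolicy {
  return { ...base, ...override };
}

// Build the header value. An empty source list matches nothing, so it is
// written out explicitly as 'none'.
function serializeCsp(policy: CspPolicy): string {
  return (Object.keys(policy) as CspDirective[])
    .map((d) => {
      const sources = policy[d] ?? [];
      return `${d} ${sources.length ? sources.join(" ") : "'none'"}`;
    })
    .join("; ");
}

// Flag the keywords that weaken a policy, one message per directive and keyword.
function cspWarnings(policy: CspPolicy): string[] {
  const risky: CspKeyword[] = ["'unsafe-eval'", "'unsafe-inline'"];
  const out: string[] = [];
  for (const d of Object.keys(policy) as CspDirective[]) {
    const sources = policy[d] ?? [];
    for (const k of risky) {
      if (sources.indexOf(k) !== -1) out.push(`${d}: ${k} weakens this directive`);
    }
  }
  return out;
}
```

Running `cspWarnings` on the merged per-page policy rather than on the default alone catches a page override that reintroduces a risky keyword.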

