{"id":16173420,"url":"https://github.com/robdwaller/csp-generator","last_synced_at":"2025-10-09T17:42:02.415Z","repository":{"id":57614236,"uuid":"241419718","full_name":"RobDWaller/csp-generator","owner":"RobDWaller","description":"Manage and create Content Security Policies more easily.","archived":false,"fork":false,"pushed_at":"2020-05-10T16:02:58.000Z","size":89,"stargazers_count":6,"open_issues_count":0,"forks_count":53,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-09-16T03:03:35.320Z","etag":null,"topics":["content-security-policy","csp","json","rust","rust-lang"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RobDWaller.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-02-18T17:08:58.000Z","updated_at":"2025-02-27T07:39:41.000Z","dependencies_parsed_at":"2022-09-10T23:32:46.807Z","dependency_job_id":null,"html_url":"https://github.com/RobDWaller/csp-generator","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"purl":"pkg:github/RobDWaller/csp-generator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobDWaller%2Fcsp-generator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobDWaller%2Fcsp-generator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobDWaller%2Fcsp-generator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobDWaller%2Fcsp-generator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RobDWaller","download_url":"https://codeload.github.com/RobDWaller/csp-generator/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobDWaller%2Fcsp-generator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001868,"owners_count":26083197,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["content-security-policy","csp","json","rust","rust-lang"],"created_at":"2024-10-10T04:08:41.602Z","updated_at":"2025-10-09T17:42:01.380Z","avatar_url":"https://github.com/RobDWaller.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Actions Status](https://github.com/RobDWaller/csp-generator/workflows/Build%20and%20Test/badge.svg)](https://github.com/RobDWaller/csp-generator/actions) [![Crates.io](https://img.shields.io/crates/v/csp_generator)](https://crates.io/crates/csp_generator) [![codecov](https://codecov.io/gh/RobDWaller/csp-generator/branch/master/graph/badge.svg)](https://codecov.io/gh/RobDWaller/csp-generator)\n# Content Security Policies Generator\n\nManaging and creating Content Security Policies can be a challenge. The Content Security Policy header format does not lend itself to managing lots of domains across multiple directives. Especially if you need to allow Google Analytics.   \n\nThis Rust library allows you to generate a CSP header string from well organised JSON strings. The JSON structure this library accepts allows you to more easily manage many domains and many directives for your website CSP policies.\n\nIf you need to learn more about Content Security Policies we suggest you read the following resources:\n\n- [Content Security Policies Website](https://content-security-policy.com/)\n- [MDN Content Security Policies Documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP)\n- [RFC 7762](https://tools.ietf.org/html/rfc7762)\n\n## Installation \n\nTo install csp_generator in your Rust project simply add it as a dependency within your Cargo manifest.\n\n**Example Cargo.toml**\n```toml\n[dependencies]\ncsp_generator = \"0.2.0-beta.3\"\n```\n\n## Usage\n\nThis library exposes three methods:\n\n- `csp_generator::enforce()`\n- `csp_generator::report_only()`\n- `csp_generator::csp_only()`\n\nThe `enforce()` and `report_only()` methods will return a struct which contains a header string and a csp string. This will make sure you have the correct CSP header and CSP directive string dependent on whether you wish to use enforcement or report only modes.\n\nIf you only wish to return the CSP directive string call the `csp_only()` method.\n\nEach of the methods accepts two arguments a list of CSP directives you wish to use, plus the JSON config. You can use the built in CSP directives list configuration if you wish as it contains all the standard CSP directives, see `csp_generator::config`. However, as this functionality complies with an interface, it can be overridden.\n\n**Example Code**\n\n```rust\nuse csp_generator::{directives, Csp};\n\nfn main() {\n    let json = r#\"\n    [\n        {\"domain\": \"example.com\", \"directives\": [\"connect-src\"]},\n        {\"domain\": \"test.com\", \"directives\": [\"connect-src\", \"script-src\"]}\n    ]\n    \"#;\n\n    let csp: Csp = csp_generator::enforce(directives::directives(), json);\n\n    println!(\"This is the CSP Header: {}\", csp.header);\n    // This is the CSP Header: Content-Security-Policy\n    println!(\"This is the CSP Directives String: {}\", csp.csp);\n    // This is the CSP Directives String: script-src test.com; connect-src example.com test.com;\n}\n```\n\n## JSON Configuration\n\nThis library relies on a specific JSON format. This is an array of objects which contain two properties. The `domain` which is a string and the `directive` which is an array of directive strings.\n\n**Format**\n```js\n[\n    {\"domain\": string, \"directive\": array\u003cstring\u003e}\n]\n```\n\n**Example Config**\nIn this example we associate example.com with the connect-src directive and the test.com domain with the connect-src and script-src directives.\n\n```js\n[\n    {\"domain\": \"example.com\", \"directive\": [\"connect-src\"]},\n    {\"domain\": \"test.com\", \"directive\": [\"connect-src\", \"script-src\"]}\n]\n```\n\n## CSP Directives List\n\nAlong with supplying a list of domains and directives in JSON format, we also need to supply the csp_generator with a list of directives which we want to use in our CSP. \n\nYou can use the built CSP directives list config, as it contains a list of all the standard CSP directives. But if you wish to override this you can.\n\nYou just need to comply with the `csp_generator::directives::GetDirectives` trait (interface).\n\n**Example Override**\nThis override will generate a CSP directive string which only makes use of the script-src and connect-src. \n\n```rust\nuse csp_generator::directives::GetDirectives;\nuse csp_generator::Csp;\n\npub struct MyDirectives {\n    list: Vec\u003cString\u003e,\n}\n\nimpl GetDirectives for MyDirectives {\n    fn get_directives(\u0026self) -\u003e Vec\u003cString\u003e {\n        self.list.clone()\n    }\n}\n\n// Construct MyDirectives Struct with the directives you wish to use.\nfn my_directives() -\u003e MyDirectives {\n    MyDirectives {\n        list: vec![\n            String::from(\"script-src\"),\n            String::from(\"connect-src\"),\n        ],\n    }\n}\n\npub fn main() {\n    let json = r#\"\n    [\n        {\"domain\": \"example.com\", \"directives\": [\"connect-src\"]},\n        {\"domain\": \"test.com\", \"directives\": [\"connect-src\", \"img-src\"]}\n    ]\n    \"#;\n\n    let csp: Csp = csp_generator::report_only(my_directives(), json);\n\n    println!(\"This is the CSP Header: {}\", csp.header);\n    // This is the CSP Header: Content-Security-Policy-Report-Only\n    println!(\"This is the CSP Directives String: {}\", csp.csp);\n    // This is the CSP Directives String: connect-src example.com test.com;\n}\n```\n\n## License\nMIT\n\n## Author\n[@RobDWaller](https://twitter.com/RobDWaller)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobdwaller%2Fcsp-generator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobdwaller%2Fcsp-generator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobdwaller%2Fcsp-generator/lists"}