cspresso.cafe/src/public/index.xml
2026-01-06 09:51:05 +11:00

39 lines
3.6 KiB
XML

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>cspresso - Brew a Content Security Policy on cspresso</title>
<link>https://cspresso.cafe/</link>
<description>Recent content in cspresso - Brew a Content Security Policy on cspresso</description>
<generator>Hugo</generator>
<language>en</language>
<atom:link href="https://cspresso.cafe/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>cspresso Docs</title>
<link>https://cspresso.cafe/docs.html</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://cspresso.cafe/docs.html</guid>
<description>On this page Install Run Output Inline scripts &amp; styles Evaluate (Report-Only) Flags Prefer canonical docs? See the README. Docs Usage cspresso crawls up to --max-pages same-origin pages in Chromium, observes what loads, and emits a draft CSP. Install Copy # Recommended pipx install cspresso # Or plain pip (use a venv) pip install cspresso # An AppImage is also available on the # git repo Releases page. Python + Playwright You need Python 3.</description>
</item>
<item>
<title>cspresso Evaluate</title>
<link>https://cspresso.cafe/evaluate.html</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://cspresso.cafe/evaluate.html</guid>
<description>Evaluate Test a CSP before you enforce it Use --evaluate to inject a candidate policy as Content-Security-Policy-Report-Only, collect violations, and fail the run if anything would break. Copy cspresso https://example.com \ --bypass-csp \ --evaluate &#34;default-src &#39;self&#39;; script-src &#39;self&#39; https://cdn.jsdelivr.net;&#34; \ --json Exit codes 0 → no ReportOnly violations detected 1 → violations detected (ideal for CI gates) Tip: keep your CSP string quoted; it usually contains spaces and semicolons. Why --bypass-csp matters If the target site already sets an enforcing CSP, it can block loads and change runtime behaviour.</description>
</item>
<item>
<title>cspresso Recipes</title>
<link>https://cspresso.cafe/recipes.html</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://cspresso.cafe/recipes.html</guid>
<description>Recipes Practical workflows A handful of commands that cover most real-world cspresso usage.&#xA;Draft a CSP Copy cspresso https://example.com --max-pages 10 Start here, then audit the output. Crawls won&#39;t cover every flow (auth-only pages, conditional loads, A/B tests, etc.). Headed debugging Copy cspresso https://example.com --headed --settle-ms 2500 Useful when the site does delayed loads or you want to visually confirm what&#39;s happening during the crawl. Sourcemaps &amp; connect-src Copy cspresso https://example.</description>
</item>
<item>
<title>cspresso Security</title>
<link>https://cspresso.cafe/security.html</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://cspresso.cafe/security.html</guid>
<description>Security Security notes cspresso runs a real browser. That&#39;s the point - and also the main safety consideration. What cspresso does cspresso launches Chromium via Playwright and loads your target pages. The site&#39;s JavaScript and CSS execute like a normal browser session. Network requests are observed to build a draft CSP, and (optionally) a candidate policy is injected as ReportOnly to capture violations. About --bypass-csp It can change risk Bypassing CSP strips existing CSP headers on HTML responses.</description>
</item>
</channel>
</rss>