Hacker News
by jamieweb 2667 days ago
This looks good - it's great to see development in the CSP space since it's such a great yet not widely used feature.

I've also made something on the same lines as this, although not as a complete tool like yours. Essentially I have a default policy for my site, but I can manually override individual directives on a per-page basis. I called it 'CSP Extreme': https://www.jamieweb.net/blog/taking-content-security-policy...

1 comments

Thanks! I like your work on it. I have several ideas on how to generally improve the CSP development that I want to implement, and needed a good infrastructure for doing it:

- CSP optimizations, like removing redundant fields (like a minifier)
- CSP parsing
- CSP security warnings or rating (like for unsafe eval)
- CSP Presets, might be general presets, or extendable presets for various tools, like Google Analytics for example
- CSP deprecations and level supports

So far, I've created this tool to help me with its usage (see https://github.com/pgilad/www.giladpeleg.com/blob/master/scr...), but the best feature is by far using TypeScript (I considered using Java) for typed directives and sources.
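
The parsing and security-warning ideas from the reply above, combined with the per-page directive override described in the first comment, as an added TypeScript example that is not code from either commenter's project. All function names and policy strings are constructed for illustration.

```typescript
// Added illustration: all names and policy strings below are constructed.
type Policy = Map<string, string[]>;

// Parse a serialized policy. Directive names are case-insensitive and,
// as in the CSP spec, a repeated directive is ignored (first one wins).
function parseCsp(header: string): Policy {
  const policy: Policy = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter((t) => t.length > 0);
    const name = (tokens.shift() ?? "").toLowerCase();
    if (name !== "" && !policy.has(name)) policy.set(name, tokens);
  }
  return policy;
}

// Per-page override: each overridden directive replaces the default wholesale.
function withOverrides(base: Policy, overrides: Record<string, string[]>): Policy {
  const merged: Policy = new Map();
  base.forEach((sources, name) => merged.set(name, sources.slice()));
  Object.keys(overrides).forEach((name) => {
    merged.set(name.toLowerCase(), (overrides[name] ?? []).slice());
  });
  return merged;
}

// Flag sources that weaken a policy, e.g. 'unsafe-eval'.
const RISKY = ["'unsafe-eval'", "'unsafe-inline'", "*"];
function lintCsp(policy: Policy): string[] {
  const warnings: string[] = [];
  policy.forEach((sources, name) => {
    sources.forEach((src) => {
      if (RISKY.indexOf(src.toLowerCase()) !== -1) warnings.push(`${name}: ${src}`);
    });
  });
  return warnings;
}

function serializeCsp(policy: Policy): string {
  const parts: string[] = [];
  policy.forEach((sources, name) => { parts.push([name].concat(sources).join(" ")); });
  return parts.join("; ");
}

const SITE_DEFAULT = parseCsp("default-src 'self'; script-src 'self'; Script-Src 'unsafe-eval'; img-src 'self' data:");
const PAGE = withOverrides(SITE_DEFAULT, { "script-src": ["'self'", "'unsafe-eval'"], "frame-src": ["https://example.com"] });
console.log(serializeCsp(PAGE), lintCsp(PAGE));
```

Running the linter on the merged per-page policy rather than on the site default is what catches an override that loosens one page.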