DDEV application based on Laravel for simulating the Content-Security-Policy impact on arbitrary URLs, by using a man-in-the-middle HTTP proxy.
- having Docker installed locally (see https://docs.docker.com/get-docker/)
- having DDEV installed locally (see https://ddev.readthedocs.io/en/stable/#installation)
```bash
git clone https://github.com/ohader/csp-simulator.git
cd csp-simulator
ddev start
ddev composer install
```
To make other DDEV projects known to the internal networking and name resolution, those other projects need to be referenced. Please navigate to .ddev/docker-compose.extra.yaml and add the DDEV projects to be linked.
This example allows using the separate DDEV project at https://typo3v12.ddev.site from within the ddev-csp-simulator-web Docker container.
```yaml
version: '3.6'
services:
  web:
    external_links:
      - ddev-typo3v12-web:typo3v12.ddev.site
```
- open https://csp-simulator.ddev.site/ in your favorite browser
- put in the desired URL that shall be analyzed (needs to be resolvable for Docker/DDEV)
- click on `fetch` to resolve the current Content-Security-Policy headers (if any)
- adjust the CSP details in the textarea & inspect the results by clicking on `apply`
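
The header handling behind the fetch and apply steps, sketched as an added example that is not taken from the csp-simulator code base: it parses the Content-Security-Policy headers of a response and replaces them with an adjusted policy, the way a header-rewriting proxy would. The function names and the sample response headers are constructed for illustration.

```python
# Added illustration; function names are hypothetical, not from csp-simulator.
CSP = "content-security-policy"

def parse_csp(value):
    """Parse one serialized policy into {directive: [source expressions]}."""
    policy = {}
    for token in value.split(";"):
        parts = token.split()
        if not parts:
            continue  # empty token, e.g. after a trailing ';'
        name = parts[0].lower()  # directive names are case-insensitive
        if name not in policy:  # a repeated directive is ignored, first wins
            policy[name] = parts[1:]
    return policy

def serialize_csp(policy):
    return "; ".join(" ".join([name, *srcs]) for name, srcs in policy.items())

def fetch_policies(headers):
    """Collect every enforced policy; a header value may hold a comma-separated list."""
    found = []
    for name, value in headers:
        if name.lower() == CSP:
            found += [p for p in map(parse_csp, value.split(",")) if p]
    return found

def apply_policy(headers, simulated):
    """Drop the origin's enforced CSP headers and append the simulated policy."""
    kept = [(n, v) for n, v in headers if n.lower() != CSP]
    return kept + [("Content-Security-Policy", serialize_csp(simulated))]

# Constructed sample response headers (not captured from a real site).
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy",
     "default-src 'self'; script-src 'self' 'unsafe-inline'; SCRIPT-SRC *;"),
    ("content-security-policy", "img-src 'self' data:, frame-ancestors 'none'"),
]

if __name__ == "__main__":
    current = fetch_policies(SAMPLE_HEADERS)
    print(len(current), "policies enforced by the origin")
    adjusted = dict(current[0])
    adjusted["script-src"] = ["'self'"]  # simulate dropping 'unsafe-inline'
    for name, value in apply_policy(SAMPLE_HEADERS, adjusted):
        print(f"{name}: {value}")
```

Every policy the origin sends is enforced together, so replacing several policies with one adjusted policy also removes the restrictions of the others; merge them into the simulated policy if they should stay in effect.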
© 2023 Oliver Hader <oliver.hader@typ3.org>