CSP Config Generator

关于

This skill streamlines the process of securing Next.js applications by automatically analyzing resource dependencies—such as scripts, styles, and external APIs—to build robust Content Security Policy (CSP) configurations. It provides guided implementation for advanced security patterns like nonce-based strategies, middleware integration for dynamic header injection, and automated violation reporting. By identifying third-party domains and environment-specific requirements, the skill ensures that production environments remain hardened while maintaining developer productivity during local builds.

主要功能

• Nonce-based CSP implementation for secure handling of inline scripts in Next.js
• Generation of validation test suites and comprehensive security documentation
• Middleware configuration for dynamic header injection and environment-specific policies
• 0 GitHub stars
• Automated resource discovery to identify external scripts, styles, and API domains
• Automated CSP violation reporting endpoint and monitoring setup

使用场景

• Hardening a Next.js application against Cross-Site Scripting (XSS) attacks
• Auditing and documenting third-party resource dependencies for security compliance
• Implementing a strict, nonce-based security policy in a production environment