A simple application to send CSP violation reports to an email address





CSP-Handler needs to be behind a reverse proxy which forwards either the X-Forwarded-For or X-Real-IP header, otherwise rate limiting won’t work.
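The sketch below is an added example, not csp-handler's own code. It shows one way a rate-limit key can be derived from the two headers named above and fed to a per-client limiter, and why a missing proxy leaves nothing to key on. The names `clientKey` and `limiter` are hypothetical, the header values are constructed, and a single trusted proxy hop is assumed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"sync"
	"time"
)

// clientKey picks the address to rate-limit on from the two proxy headers.
// Assumption: one trusted proxy sets X-Real-IP or appends the last
// X-Forwarded-For entry; earlier entries are supplied by the client.
func clientKey(realIP, forwardedFor string) (string, error) {
	candidate := strings.TrimSpace(realIP)
	if candidate == "" {
		parts := strings.Split(forwardedFor, ",")
		candidate = strings.TrimSpace(parts[len(parts)-1])
	}
	ip := net.ParseIP(candidate)
	if ip == nil {
		return "", fmt.Errorf("no usable proxy-supplied client address (got %q)", candidate)
	}
	return ip.String(), nil // canonical form: one client, one bucket
}

// limiter is a fixed-window counter per client key (hypothetical type).
type limiter struct {
	mu     sync.Mutex
	max    int
	window time.Duration
	start  map[string]time.Time
	count  map[string]int
}

// allow reports whether key may submit another report at time now.
func (l *limiter) allow(key string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	if now.Sub(l.start[key]) >= l.window {
		l.start[key], l.count[key] = now, 0
	}
	l.count[key]++
	return l.count[key] <= l.max
}

func main() {
	l := &limiter{max: 2, window: time.Minute, start: map[string]time.Time{}, count: map[string]int{}}
	key, err := clientKey("", "198.51.100.7, 203.0.113.9") // constructed header value
	fmt.Println(key, err, l.allow(key, time.Now()))
}
```

When neither header carries a parseable address, `clientKey` returns an error instead of falling back to a shared key, so a deployment without the proxy is noticed rather than silently rate-limiting all clients as one.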


  1. Install golang (>=1.14) and GNU make if you don’t have them already
  2. Clone the repository: git clone https://git.bn4t.me/bn4t/csp-handler.git
  3. Check out the latest stable tag
  4. Run make build to build the csp-handler binary
  5. Run sudo make install to install csp-handler on your system. This will create the directory /etc/csp-handler (config directory). Additionally the user csp-handler will be created.
  6. If you have systemd installed you can run sudo make install-systemd to install the systemd service. Run service csp-handler start to start the csp-handler service. Csp-handler will automatically run as the csp-handler user.

Make sure you edit the config located at /etc/csp-handler/config.toml before running the service.

Command line flags

  • -config <config file> - The location of the config file to use. Defaults to config.toml in the working directory.


Run sudo make uninstall to uninstall csp-handler. This will remove /etc/csp-handler if the directory is empty.

Run sudo make uninstall-systemd to remove the systemd service.


Include the report-uri directive in your content security policy:

report-uri https://csp-report.example.com/report-uri/mydomain.com

Replace csp-report.example.com with the domain on which csp-report is deployed and mydomain.com with the domain on which the content security policy is deployed.