Content-Security-Policy report aggregator/analyzer
JavaScript HTML CSS
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
bin Added command line argument parser Aug 20, 2014
models Added better indexs, and improved aggregation sped Sep 6, 2014
public special thanks Sep 15, 2014
routes Fixed bug with filter creation Sep 14, 2014
.bowerrc Initial commit Jul 20, 2014
.gitattributes Initial commit Jul 20, 2014
.gitignore Started writing a README, V1 Aug 20, 2014 Update Aug 31, 2016
app.js Scrub scrub scrub three men in a tub Sep 6, 2014
app.json Changed mongolab plan to free Aug 13, 2014
bower.json somehow I screwed up the bower.json file Aug 25, 2014
logger.js Added transports for errors Aug 4, 2014
options.js heroku require process.env.port Aug 20, 2014
package.json Adde policy builder and inline helper along with a bunch of minor fixes Sep 14, 2014

Caspr (not under development)



Caspr is a Content-Security-Policy report endpoint, aggregator, and analyzer.

It contains three parts:

What is Content-Security-Policy?


Either use Heroku, or to install manually, install NodeJS/npm/MongoDB(>2.6).

git clone
cd caspr
npm install
forever bin/www


$> node bin/www --help

Usage: node www [options]

   -p, --port               Port to run http caspr  [3000]
   --ssl                    Run ssl on port 443  [false]
   --sslKeyFile             SSL key file for ssl  [./bin/certs/key.pem]
   --sslCertFile            SSL certificate file for ssl  [./bin/certs/cert.pem]
   --cappedCollectionSize   Size of report collection in bytes  [0]


To use caspr with SSL, set sslKeyFIle and sslCertFile to the location of your cert and private key file on disk with --sslKeyFile and --sslCertFIle.

forever bin/www --ssl --sslKeyFile /var/certs/key.pem --sslCertFile /var/certs/cert.pem

Capped Collections

MongoDB supports capped collections, meaning you can specifiy a maximum size for the reports collection in your DB.

For my own deployments I usually set it around 1GB, but on Heroku the maximum size of the free version is .5GB.

To use capped collections, either set it manually or pass the size in bytes you'd like the reports collection to be.

forever bin/www --capped 500000000 // .5GB
use caspr
db.runCommand({convertToCapped: 'reports', size: 500000000 })

How do I dump all reports?

All reports are stored within MongoDB. So a script such as the following can be used to dump all reports into a json file


cursor = db.getSiblingDB('caspr').reports.find();
while ( cursor.hasNext() ) {
   printjson( );
mongo dump.js > dump.json