cleaning up

.github/workflows/regression-test-http.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
             matrix:
                 os: [ubuntu-latest, windows-latest]
-                config: ['review_show_improvements_only=True,sitespeed_use_docker=False']
+                config: ['review_show_improvements_only=True,sitespeed_use_docker=False,csp_only=False', 'review_show_improvements_only=True,sitespeed_use_docker=False,csp_only=True']
                 version: [21]
                 include:
                   - os: ubuntu-latest

SAMPLE-config.py

@@ -57,6 +57,9 @@
 # Tell tests to use detailed report (when available) for review and rating
 use_detailed_report = False
 
+# Tells HTTP test to ignore everything except the CSP part (great if you run it against sitemap to get CSP recommendation)
+csp_only = False
+
 # Tell software test to use stealth mode or not, default is 'True'
 software_use_stealth = True
 

docs/tests/http.md

@@ -10,8 +10,9 @@ Add small description of what this test is.
 
 Checks if HTTP requests are redirected to HTTPS.
 A common misstake is to forget to force this redirect for root domain if www. subdomain is used.
+Also checks for HSTS support.
 
-### TLS and SSL support
+### TLS support
 
 Checks for Secure encryption support
 * Checks for TLS 1.3 support
@@ -33,6 +34,11 @@ Checks for Insecure encryption support
 * Checks for IPv4 support
 * Checks for IPv6 support
 
+### Content Security Policy (CSP) support
+
+* Checks for CSP support
+* Gives CSP recommendation if it could improve 0.75 or more in rating
+
 ## How are rating being calculated?
 
 This section has not been written yet.
@@ -79,5 +85,11 @@ Read more on the [general page for github actions](../getting-started-github-act
 
 ## FAQ
 
-No frequently asked questions yet :)
+### How to get CSP recommendation for website
+Did you know you can get a CSP recommendation for all/part of your website?
+Do the following and webperf_core will give a CSP recommendation for more than 1 page.
+* Set `csp_only = True` in your `config.py`
+* Point webperf_core to your sitemap or your own list pages you want to test.
 
+Example, below will take first 25 items from sitemap:
+`python default.py -r -t 21 --input-take=25 -i https://nimbleinitiatives.com/sitemap.xml`

tests/http_validator.py

@@ -70,8 +70,6 @@ def run_test(_, langCode, url):
 
     global csp_only_global_result_dict
 
-    # TODO: Check if we can use sitespeed instead (to make it more accurate), https://addons.mozilla.org/en-US/firefox/addon/http2-indicator/
-
     result_dict = {}
 
     language = gettext.translation(
@@ -308,10 +306,6 @@ def create_csp(csp_findings, org_domain):
             if element_name == 'img':
                 img_src.append(host_source)
 
-
-    # TODO: we should check in HTML if base-uri is used
-
-
     # Ensure policies that is NOT covered by a fallback
     if len(base_uri) == 0:
         base_uri.append('\'self\'')

tests/sitespeed_base.py

@@ -32,8 +32,8 @@ def get_result(url, sitespeed_use_docker, sitespeed_arg, timeout):
     result_folder_name = os.path.join(folder, hostname, '{0}'.format(str(uuid.uuid4())))
     # result_folder_name = os.path.join('data', 'results')
 
-    sitespeed_arg += ' --outputFolder {0} {1}'.format(result_folder_name, url)
-    # sitespeed_arg += ' --postScript chrome-cookies.cjs --postScript chrome-versions.cjs --outputFolder {0} {1}'.format(result_folder_name, url)
+    #sitespeed_arg += ' --outputFolder {0} {1}'.format(result_folder_name, url)
+    sitespeed_arg += ' --postScript chrome-cookies.cjs --postScript chrome-versions.cjs --outputFolder {0} {1}'.format(result_folder_name, url)
     # sitespeed_arg += ' --outputFolder {0} {1}'.format(result_folder_name, url)
 
     filename = ''