Initial commit
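--- a/scripts/check-csp.sh
+++ b/scripts/check-csp.sh
@@ -0,0 +1,132 @@
+#!/bin/bash
+#
+# Turnstile CSP Checker
+#
+# Verifies that Content Security Policy headers allow Turnstile to function
+#
+# Usage:
+# ./check-csp.sh https://example.com
+# ./check-csp.sh https://example.com/contact
+#
+
+set -e
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# Check if URL is provided
+if [ -z "$1" ]; then
+echo -e "${RED}Error: Please provide a URL${NC}"
+echo "Usage: $0 <url>"
+echo "Example: $0 https://example.com"
+exit 1
+fi
+
+URL="$1"
+
+echo -e "${GREEN}Checking CSP for Turnstile compatibility...${NC}"
+echo "URL: $URL"
+echo ""
+
+# Fetch headers
+HEADERS=$(curl -sI "$URL")
+
+# Extract CSP header
+CSP=$(echo "$HEADERS" | grep -i "content-security-policy:" | sed 's/content-security-policy: //I')
+
+if [ -z "$CSP" ]; then
+echo -e "${YELLOW}No Content-Security-Policy header found${NC}"
+echo "✅ Turnstile should work (no CSP restrictions)"
+exit 0
+fi
+
+echo "CSP Header found:"
+echo "$CSP"
+echo ""
+
+# Initialize pass/fail counters
+PASS=0
+FAIL=0
+
+# Check script-src
+echo -e "${GREEN}Checking script-src...${NC}"
+if echo "$CSP" | grep -q "script-src"; then
+if echo "$CSP" | grep -E "script-src[^;]*https://challenges.cloudflare.com" > /dev/null; then
+echo "✅ script-src allows https://challenges.cloudflare.com"
+((PASS++))
+elif echo "$CSP" | grep -E "script-src[^;]*\*" > /dev/null; then
+echo "✅ script-src allows * (wildcard)"
+((PASS++))
+else
+echo -e "${RED}❌ script-src does NOT allow https://challenges.cloudflare.com${NC}"
+echo " Add: script-src https://challenges.cloudflare.com;"
+((FAIL++))
+fi
+else
+echo "⚠️ No script-src directive found (defaults may apply)"
+fi
+echo ""
+
+# Check frame-src
+echo -e "${GREEN}Checking frame-src...${NC}"
+if echo "$CSP" | grep -q "frame-src"; then
+if echo "$CSP" | grep -E "frame-src[^;]*https://challenges.cloudflare.com" > /dev/null; then
+echo "✅ frame-src allows https://challenges.cloudflare.com"
+((PASS++))
+elif echo "$CSP" | grep -E "frame-src[^;]*\*" > /dev/null; then
+echo "✅ frame-src allows * (wildcard)"
+((PASS++))
+else
+echo -e "${RED}❌ frame-src does NOT allow https://challenges.cloudflare.com${NC}"
+echo " Add: frame-src https://challenges.cloudflare.com;"
+((FAIL++))
+fi
+else
+echo "⚠️ No frame-src directive found (defaults may apply)"
+fi
+echo ""
+
+# Check connect-src
+echo -e "${GREEN}Checking connect-src...${NC}"
+if echo "$CSP" | grep -q "connect-src"; then
+if echo "$CSP" | grep -E "connect-src[^;]*https://challenges.cloudflare.com" > /dev/null; then
+echo "✅ connect-src allows https://challenges.cloudflare.com"
+((PASS++))
+elif echo "$CSP" | grep -E "connect-src[^;]*\*" > /dev/null; then
+echo "✅ connect-src allows * (wildcard)"
+((PASS++))
+else
+echo -e "${RED}❌ connect-src does NOT allow https://challenges.cloudflare.com${NC}"
+echo " Add: connect-src https://challenges.cloudflare.com;"
+((FAIL++))
+fi
+else
+echo "⚠️ No connect-src directive found (defaults may apply)"
+fi
+echo ""
+
+# Final verdict
+echo "========================================"
+if [ $FAIL -eq 0 ]; then
+echo -e "${GREEN}✅ CSP is compatible with Turnstile!${NC}"
+exit 0
+else
+echo -e "${RED}❌ CSP may block Turnstile${NC}"
+echo ""
+echo "Recommended CSP directives:"
+echo ""
+echo "<meta http-equiv=\"Content-Security-Policy\" content=\""
+echo " script-src 'self' https://challenges.cloudflare.com;"
+echo " frame-src 'self' https://challenges.cloudflare.com;"
+echo " connect-src 'self' https://challenges.cloudflare.com;"
+echo "\">"
+echo ""
+echo "Or in HTTP header:"
+echo ""
+echo "Content-Security-Policy: script-src 'self' https://challenges.cloudflare.com; frame-src 'self' https://challenges.cloudflare.com; connect-src 'self' https://challenges.cloudflare.com"
+echo ""
+exit 1
+fi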
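Review bot: Under `set -e`, the first `((PASS++))` or `((FAIL++))` ends the script, because a post-increment from 0 evaluates to 0 and `(( ))` then returns status 1. A policy that passes the script-src check therefore exits non-zero before frame-src and connect-src are examined, and a failing one never reaches the recommendation text; `PASS=$((PASS + 1))` and `FAIL=$((FAIL + 1))` at all six counters avoids this. Separately, the verdict can read "compatible" when the policy is not: an absent directive only produces a warning, although `default-src` (and `child-src` for frames) is the fallback that would actually apply, and the `[^;]*\*` test accepts any asterisk in the directive, including a host wildcard such as `https://*.example.com` that does not cover challenges.cloudflare.com. I would evaluate the fallback directive when the specific one is missing and match the wildcard only as a standalone source token, e.g. `grep -Eq "script-src[^;]*[[:space:]]\*([[:space:];]|$)"`. The dots in `challenges.cloudflare.com` are also unescaped in the `grep -E` patterns, so `grep -F` or `\.` would make the host match literal.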
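--- a/scripts/example-script.sh
+++ b/scripts/example-script.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# [TODO: Script Name]
+# [TODO: Brief description of what this script does]
+
+# Example script structure - delete if not needed
+
+set -e # Exit on error
+
+# [TODO: Add your script logic here]
+
+echo "Example script - replace or delete this file"
+
+# Usage:
+# ./scripts/example-script.sh [args]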