asynquence - Asynchronous flow control (promises, generators, observables, CSP, etc)

•    Javascript

promise-style async sequence flow-control

Venice - Coroutines, structured concurrency and CSP for Swift on macOS and Linux.

•    Swift

Venice provides structured concurrency and CSP for Swift.Venice wraps a fork of the C library libdill.

secureheaders - Manages application of security headers with many safe defaults

•    Ruby

master represents the unreleased 4.x line. See the upgrading to 4.x doc for instructions on how to upgrade. Bug fixes should go in the 3.x branch for now.The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade including the differences and benefits of using the 3.x branch.

chan - Pure C implementation of Go channels.

•    Shell

Pure C implementation of Go channels.Unbuffered channels provide both a mechanism for communication as well as synchronization. When data is sent into the channel, the sender blocks until a receiver is ready. Likewise, a receiver will block until a sender is ready.

secure_headers - Manages application of security headers with many safe defaults

•    Ruby

master represents 6.x line. See the upgrading to 4.x doc, upgrading to 5.x doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes should go in the 5.x branch for now. The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade including the differences and benefits of using the 3.x branch.

secure_headers - Manages application of security headers with many safe defaults

•    Ruby

main branch represents 6.x line. See the upgrading to 4.x doc, upgrading to 5.x doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes should go in the 5.x branch for now. It can also mark all http cookies with the Secure, HttpOnly and SameSite attributes. This is on default but can be turned off by using config.cookies = SecureHeaders::OPT_OUT.

csp-builder - Build Content-Security-Policy headers from a JSON file (or build them programmatically)

•    PHP

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.

SecureHeaders - A PHP library aiming to make the use of browser security features more accessible.

•    PHP

A PHP class aiming to make the use of browser security features more accessible. For full documentation, please see the Wiki.

CSP in F#

A small and simple CSP (Constraint Satisfaction Problem) solver library in F#.

Citizen Service Platform - Solution Accelerators

The Citizen Service Platform is about showing how the different Microsoft Platforms can be used to better serve the needs of Local and Regional Government and their citizens. These templates are designed to show how these platforms can be utilised in a more effective manner.

Schedule4Net - a general purpose scheduling framework

•    CSharp

This is a general scheduling framework able to create schedules using arbitrary constraints written in C#.

remote-csp-channel - Remote bridge for CSP channels

•    Javascript

CSP channel that bridges to remote contexts

node-csp - Communicating sequential processes for node.

•    Javascript

Communicating sequential processes for node. Go style concurrency with channels.WARNING: This package is at an experimental stage at the moment.

csp-logger - Log all the CSP violations!

•    Javascript

Content Security Policy Logging Service

flexy - Friendly flux based on channels and immutable data

•    Javascript

A Flux library based on Channels and reducer functions

csptester - A quick and easy way to test CSP behavior on modern browsers

•    HTML

csptester is a Node.js-based web app that can frame a user's HTML content and allow them to test CSP policies in a browser of their choice to see what fails/works. You may optionally even try XSS attacks against your code. There are tools like http://caniuse.com/#search=csp that shows which browser versions support CSP, but it doesn't convey disparity in support between versions or browsers. And that's one reason csptester is helpful.CSP implementation differs between browsers. Even CSP 1.0 implementation is not consistent across all modern browsers. Therefore understanding browser's CSP support is important to implement CSP on your property. This is a tool to test policy behavior (with your sample script) across multiple browsers. However this is NOT intended to use to test a random site's CSP behavior.

express-csp - Express extension for Content Security Policy

•    Javascript

This is an Express extension which allows you to set the content-security-policy for your Express Application.When set to true, a nonce will be generated for the 'script-src' directive of each response and made available as the res.locals.cspToken value. This value can then be used in your templates to allow for specified inline script blocks. If useStyleNonce is also true, the same token will be added to the 'style-src' directive and the same token will be available for inline style blocks.

zMonitor - Azure Multi-subscription/tenant Monitoring Solution

•    PowerShell

An Azure platform native monitoring solution that enables Azure monitoring across multiple tenants or subscriptions.Problem statement: A service provider with 50 tenants, each with Azure subscriptions provisioned through CSP (Cloud Solution Provider), needs to consolidate operational telemetry to optimize running costs, as well as deliver higher SLAs with a minimum amount of administrative overhead.

SOMns - SOMns: A Newspeak for Concurrency Research

•    Java

Newspeak is a dynamic, class-based, purely object-oriented language in the tradition of Smalltalk and Self. SOMns is an implementation of the Newspeak Specification Version 0.0.95 derived from the SOM(Simple Object Machine) class libraries, and based on the TruffleSOM. Thus, SOMns is implemented using the Truffle framework and runs on the JVM platform. SOMns is implemented as self-optimizing AST interpreter using the Truffle framework. Thus, it can utilize the Truffle support for just-in-time compilation to optimize the execution performance at runtime. It is completely file-based and does not have support for images. The parser is written in Java and creates a custom AST that is geared towards representing the executable semantics.

channel - CSP style channel implementation, for the Channel specification

•    Javascript

This library is a reference implementation of CSP style channels. If you are not familiar with channels and do not have time to read the paper at least take 30 minutes to watch Rob Pike's talk that is a really good introduction. A key characteristic of channels is that they are blocking (not in a thread blocking sense, but rather in logical sense, you need to asynchronously wait to continue). In the most primitive form, an unbuffered channel acts as a rendezvous, any consumer will await a producer and vice-versa. Buffering can be introduced, but unbounded buffering is discouraged, as bounded buffering with blocking can be an important tool coordinating pacing and back pressure, ensuring a system doesn't take on more work than it can achieve.