# Help Dynamically Generating CSP Nginx Include

**URL:** https://discourse.roots.io/t/help-dynamically-generating-csp-nginx-include/8967
**Category:** trellis
**Created:** 2017-03-02T17:03:11Z
**Posts:** 4
**Showing post:** 2 of 4

## Post 2 by @fullyint — 2017-03-02T17:50:42Z

Thanks for posting what you’ve tried.

You discovered that `{{ item }}` returns `nginx-includes/example.com/csp.conf.j2`. This is because the template task creating that file is using [`with_items`](https://github.com/roots/trellis/blob/8a6789a113f8296956164b65c80e0fe3bcfb97f2/roles/wordpress-setup/tasks/nginx-includes.yml#L32) (a [standard loop](http://docs.ansible.com/ansible/playbooks_loops.html#standard-loops)), where each `item` is a template file name.

If you switch your strategy from [include-files](https://roots.io/trellis/docs/nginx-includes/#include-files) to [child-templates](https://roots.io/trellis/docs/nginx-includes/#child-templates), the template task creating your child template will use [`with_dict`](https://github.com/roots/trellis/blob/8a6789a113f8296956164b65c80e0fe3bcfb97f2/roles/wordpress-setup/tasks/nginx.yml#L30) (thus [looping over hashes](http://docs.ansible.com/ansible/playbooks_loops.html#looping-over-hashes)), where each `item.value.somevar` is the value of `somevar` in a site from `wordpress_sites`. See example usages of `item.value` in the [`wordpress-site.conf.j2`](https://github.com/roots/trellis/blob/8a6789a113f8296956164b65c80e0fe3bcfb97f2/roles/wordpress-setup/templates/wordpress-site.conf.j2) template.

Follow the [docs for creating a child template](https://roots.io/trellis/docs/nginx-includes/#child-templates), maybe something like this (untested):

```
{% extends 'roles/nginx/templates/nginx.conf.j2' %}

  {% block server_basic -%}
  {{ super() }}
  add_header Content-Security-Policy "default-src 'none'; script-src https://{{ site_hosts_canonical | join(' https://') }}";
  {% endblock %}
```

(see jinja2 [join filter](http://jinja.pocoo.org/docs/2.9/templates/#join))

You’ll see how [`site_hosts_canonical`](https://github.com/roots/trellis/blob/8a6789a113f8296956164b65c80e0fe3bcfb97f2/group_vars/all/helpers.yml#L13) is just a helper variable that itself uses `item.value.site_hosts` and the jinja2 [map filter](http://jinja.pocoo.org/docs/latest/templates/#map).

* * *

P.S., If your Trellis is up-to-date, you can apply the nginx changes more quickly than `vagrant reload --provision` because reloading (rebooting) the VM is not necessary, nor is most of the `provision` process. Try this:

```
ANSIBLE_TAGS=nginx-includes vagrant provision
```

---

_[View the full topic](https://discourse.roots.io/t/help-dynamically-generating-csp-nginx-include/8967)._
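The following is an added example, not code from the post or from Trellis: a Python sketch that mirrors the template's `https://` + `join(' https://')` idiom and checks that the rendered `add_header` line is a well-formed quoted directive whose hosts cannot break out of the nginx string. The function names and the sample hosts are hypothetical and constructed for illustration.

```python
import re

# Constructed sample: canonical hosts for one site, standing in for what
# site_hosts_canonical would supply (values are made up).
SAMPLE_HOSTS = ["example.com", "shop.example.com"]

# Conservative hostname pattern: letters, digits, hyphens and dots only, so a
# host value can never carry a quote, semicolon or space into the header.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

HEADER_RE = re.compile(
    r'\s*add_header\s+Content-Security-Policy\s+"([^"]*)"\s*;\s*'
)


def render_csp_header(hosts):
    """Mirror the template: literal 'https://' + hosts joined by ' https://'."""
    if not hosts:
        # An empty list would render script-src as a bare "https://".
        raise ValueError("no hosts to put in script-src")
    for host in hosts:
        if not HOST_RE.fullmatch(host):
            raise ValueError(f"unsafe host value: {host!r}")
    sources = "https://" + " https://".join(hosts)
    return (
        'add_header Content-Security-Policy '
        f"\"default-src 'none'; script-src {sources}\";"
    )


def parse_csp_header(line):
    """Parse a rendered add_header line into {directive: [sources]}."""
    match = HEADER_RE.fullmatch(line)
    if match is None:
        # Catches an unterminated quote or a missing trailing semicolon.
        raise ValueError("not a well-formed quoted add_header directive")
    policy = {}
    for part in match.group(1).split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


if __name__ == "__main__":
    rendered = render_csp_header(SAMPLE_HOSTS)
    print(rendered)
    print(parse_csp_header(rendered))
```

Running the same parse over the file nginx actually receives, before reloading, gives a quick check that every `script-src` source carries the `https://` scheme.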
