Wallogit.com
2017 © Pedro Peláez
Some useful middleware for silex
A collection of middleware for use with Silex., (*1)
composer require ronanchilvers/silex-middleware
Configuration details varies depending on the middleware in use. See the notes below for specifics., (*2)
This middleware allows you to add a Content-Security-Policy header to responses. It uses the paragonie/csp-builder library to build the headers. You can pass your policy as an array as the first constructor argument., (*3)
$app->after(
new Ronanchilvers\Silex\Middleware\ContentSecurityPolicy([
'default-src' => [
'self' => true,
'unsafe-inline' => true,
],
'style-src' => [
'allow' => [
'https://fonts.googleapis.com'
],
'self' => true,
'unsafe-inline' => true,
],
'font-src' => [
'allow' => [
'https://fonts.gstatic.com/'
],
'self' => true
],
'report-only' => true,
])
);
This middleware adds a Referrer-Policy header to responses. This header has a single policy directive as its value which must be one of:, (*4)
The exact meaning of each of these is explained in this blog post by Scott Helme as well as on the w3.org official specification., (*5)
// This adds the middleware with a default 'no-referrer' policy
$app->after(new Ronanchilvers\Silex\ReferrerPolicy());
// This specifies the 'strict-origin' policy
$app->after(new Ronanchilvers\Silex\ReferrerPolicy('strict-origin'));
This middleware adds HSTS or Strict Transport Security headers to every response., (*6)
// Add with defaults $app->after(new Ronanchilvers\Silex\Middleware\StrictTransportSecurity()); // Or - set the max-age to 1 day / 86400 seconds $app->after(new Ronanchilvers\Silex\Middleware\StrictTransportSecurity(86400));
The middleware accepts two constructor arguments:, (*7)
Some useful middleware for silex
MIT
Some useful middleware for silex
MIT
Some useful middleware for silex
MIT
Some useful middleware for silex
MIT