2017 © Pedro Peláez
 

library content-security-policy

A really easy way to build CSP headers and add them to the response.

zae/content-security-policy

  • Sunday, January 8, 2017
  • by Zae
  • Repository
  • 1 Watchers
  • 0 Stars
  • 567 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 2 Versions
  • 0 % Grown

The README.md

Content Security Policy

A really easy way to build CSP headers and add them to the response.

Officially supported platforms:

  • Laravel: ^5.8
  • Craft: ^3.0

Install

Via Composer:

$ composer require zae/content-security-policy

Laravel

Middleware

Add the middleware to the middleware Kernel.

protected $middlewareGroups = [
    'web' => [
        // ... existing middleware ...
        \Zae\ContentSecurityPolicy\Laravel\Http\Middleware\ContentSecurityPolicy::class,
    ],
];

Config (config/csp.php)

return [
    BlockAllMixedContent::class,
    Sandbox::class => [
        Sandbox::ALLOW_FORMS,
        Sandbox::ALLOW_SCRIPTS,
        Sandbox::ALLOW_TOP_NAVIGATION,
        Sandbox::ALLOW_SAME_ORIGIN,
        Sandbox::ALLOW_POPUPS,
    ]
];

Craft 3

The library includes a module for Craft 3 that can send the CSP header and a twig function to get the current CSP nonce.

Register the module like this:

'modules' => [
    'csp' => \Zae\ContentSecurityPolicy\Craft\Module::class,
],
'bootstrap' => [
    'csp'
]

Use the twig functions like this:

<script nonce="{{ cspnonce() }}">
    // inline javascript
</script>

Config (config/csp.php)

return [
    'components' => [
        'builder' => Builder::class,
    ],
    'params' => [
        BlockAllMixedContent::class,
        Sandbox::class => [
            Sandbox::ALLOW_FORMS,
            Sandbox::ALLOW_SCRIPTS,
            Sandbox::ALLOW_TOP_NAVIGATION,
            Sandbox::ALLOW_SAME_ORIGIN,
            Sandbox::ALLOW_POPUPS,
        ]
    ]
];

Other

Although other frameworks are not officially supported yet, it's possible to use this library with them. An easy method is to use FluidDirectivesFactory.

Fluid Factory

<?php
$csp = new CSP();
$factory = new FluidDirectivesFactory($csp);
$factory
    ->blockAllMixedContent()
    ->defaultSrc([
        Directive::SELF,
        'https:'
    ])
    ->baseUri([
        Directive::SELF
    ]);
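
To show what a policy like the one chained above looks like as a header value, and how a per-request nonce (as returned by cspnonce() in the Craft section) ties the header to an inline script, here is an added example in plain PHP 7+. It is not the library's code or API: makeCspNonce and buildCspHeader are hypothetical names, and it assumes Directive::SELF stands for the CSP keyword 'self'.

```php
<?php
// Added illustration in plain PHP 7+, not the zae/content-security-policy API.
// makeCspNonce() and buildCspHeader() are hypothetical helper names.

/** Generate a fresh, unpredictable nonce for one response. */
function makeCspNonce(): string
{
    // 16 random bytes (128 bits) from the CSPRNG, base64-encoded.
    return base64_encode(random_bytes(16));
}

/**
 * Serialize directives into a Content-Security-Policy header value.
 * Keys are directive names; values are source lists (empty for flag directives).
 */
function buildCspHeader(array $directives): string
{
    $parts = [];
    foreach ($directives as $name => $sources) {
        foreach ($sources as $source) {
            // Reject characters that would split the directive or the policy.
            if (preg_match('/[;,\s]/', $source)) {
                throw new InvalidArgumentException("Invalid CSP source: $source");
            }
        }
        $parts[] = trim($name . ' ' . implode(' ', $sources));
    }
    return implode('; ', $parts);
}

$nonce  = makeCspNonce();
$header = buildCspHeader([
    'block-all-mixed-content' => [],
    'default-src' => ["'self'", 'https:'],   // assumed equivalent of Directive::SELF
    'base-uri'    => ["'self'"],
    'script-src'  => ["'self'", "'nonce-$nonce'"],
]);

// Send the policy before any output, then reuse the same nonce in the markup.
if (PHP_SAPI !== 'cli') {
    header('Content-Security-Policy: ' . $header);
}
echo $header, PHP_EOL;
echo '<script nonce="' . htmlspecialchars($nonce, ENT_QUOTES) . '">/* inline javascript */</script>', PHP_EOL;
```

The nonce must be regenerated for every response; a nonce that is cached or reused across requests no longer distinguishes the page's own inline scripts from injected ones.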

Change log

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security-related issues, please email ezra@tsdme.nl instead of using the issue tracker.

Credits

License

The MIT License (MIT). Please see License File for more information.

The Versions

08/01 2017

dev-master

9999999-dev

MIT

The Requires

  • php ^5.4|^7.0

 

by Ezra Pool

middleware http laravel 5 csp content security policy

08/01 2017

0.0.1

0.0.1.0

MIT

The Requires

  • php ^5.4|^7.0

 

by Ezra Pool

middleware http laravel 5 csp content security policy