assayer-pro/yii2-cspreport
Composer 安装命令:
composer require assayer-pro/yii2-cspreport
包简介
Yii2 Module for Content Security Policy Report
README 文档
README
yii2 Module for Content Security Policy Report
Installation
The preferred way to install this extension is through composer.
- Either run
php composer.phar require --prefer-dist "assayer-pro/yii2-cspreport" "*"
or add
"assayer-pro/yii2-cspreport" : "*"
to the require section of your application's composer.json file.
Usage
- Add a new module in modules section of your application's configuration file, for example:
'modules' => [ 'csp-report' => [ 'class' => 'assayerpro\cspreport\Module', 'message' => [ 'from' => 'admin@example.com', 'to' => 'developer@example.com', 'subject' => 'Content Security Policy Report', ], ], ],
- Add a new rule for
urlManagerof your application's configuration file, for example:
'components' => [ ... 'urlManager' => [ 'rules' => [ 'csp-report' => 'csp-report/report/index', ], ], ... ],
- Add application/csp-report parser:
'components' => [ ... 'request' => [ 'parsers' => [ 'application/csp-report' => 'yii\web\JsonParser', ], ], ... ],
- Apache Content-Security-Policy Header
Add the following to your httpd.conf in your VirtualHost or in an .htaccess file:
Header set Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report;"
- Nginx Content-Security-Policy Header
In your server {} block add:
add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
You can also append always to the end to ensure that nginx sends the header reguardless of response code.
统计信息
- 总下载量: 4.55k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 3
- 点击次数: 2
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2016-02-20