pavlakis/csp-middleware
Composer install command:
composer require pavlakis/csp-middleware
Package description
Add Content-Security-Policy headers for PSR-7 requests. Uses the csp-builder library paragonie/csp-builder.
README documentation
README
CSP Middleware
Add Content-Security-Policy headers using PSR-7 requests. Uses the paragonie/csp-builder package.
Usage
Adding the middleware is as simple as:
$app->add(new \Pavlakis\Middleware\Csp\CspMiddleware($container->get('csp')));
Where $container->get('csp') returns an instance of CSPBuilder with a CSP configuration.
The constructor takes a second parameter, $reportOnly. It is a boolean that defaults to true, in which case the policy is sent as a Content-Security-Policy-Report-Only header. This is important so you don't break your application accidentally.
To enforce the policy, pass false as the second argument.
Use a JSON file to define the CSP policies.
Example:
{
    "report-only": false,
    "report-uri": "/csp/enforce",
    "base-uri": [],
    "default-src": [],
    "child-src": {
        "self": false
    },
    "connect-src": {},
    "font-src": {
        "self": true
    },
    "form-action": {
        "self": true
    },
    "frame-ancestors": [],
    "img-src": {
        "self": true
    },
    "media-src": [],
    "object-src": [],
    "plugin-types": [],
    "script-src": {
        "allow": [
            "https://www.google-analytics.com"
        ],
        "self": true,
        "unsafe-inline": false,
        "unsafe-eval": false
    },
    "style-src": {
        "self": true,
        "unsafe-inline": false
    },
    "upgrade-insecure-requests": true
}
Example in Slim3
Dependencies (dependencies.php)
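use ParagonIE\CSPBuilder\CSPBuilder;

// Build the CSP configuration from the JSON file and register it as the 'csp' service.
$container['csp'] = function ($c) {
    $csp = CSPBuilder::fromFile(__DIR__ . '/configs/csp.json');
    return $csp;
};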
Application Middleware (middleware.php)
$app->add(new \Pavlakis\Middleware\Csp\CspMiddleware($container->get('csp')));
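The JSON configuration above sets "report-uri": "/csp/enforce", and the report-only default is only useful if something receives the violation reports. The following is an added example, not part of csp-middleware or its README: a Slim 3 route that accepts those reports. The function name parseCspReport, the size and length caps, and the log format are assumptions.

```php
<?php
// Added example: collector for the "report-uri": "/csp/enforce" endpoint (Slim 3).
// parseCspReport, the caps and the log format are assumptions, not csp-middleware code.

const CSP_REPORT_MAX_BYTES = 8192; // assumed cap; genuine reports are small

/** Parse a raw violation report body; return loggable fields, or null if invalid. */
function parseCspReport(string $raw): ?array
{
    if ($raw === '' || strlen($raw) > CSP_REPORT_MAX_BYTES) {
        return null;
    }
    $data = json_decode($raw, true);
    if (!is_array($data) || !isset($data['csp-report']) || !is_array($data['csp-report'])) {
        return null;
    }
    $out = [];
    foreach (['document-uri', 'violated-directive', 'blocked-uri'] as $key) {
        $value = $data['csp-report'][$key] ?? '';
        // Anyone can POST to this endpoint: strip control characters (log injection)
        // and truncate each field before it reaches the log.
        $out[$key] = is_string($value)
            ? substr((string) preg_replace('/[\x00-\x1F\x7F]/', '', $value), 0, 512)
            : '';
    }
    return $out;
}

if (isset($app)) {
    // Slim 3 route. Browsers POST reports as application/csp-report, which is not
    // one of the media types Slim 3 parses by default, so read the raw body.
    $app->post('/csp/enforce', function ($request, $response) {
        $report = parseCspReport((string) $request->getBody());
        if ($report === null) {
            return $response->withStatus(400);
        }
        error_log('csp-violation ' . json_encode($report));
        return $response->withStatus(204);
    });
} else {
    // Constructed sample report, used when this file is run on its own from the CLI.
    $sample = '{"csp-report":{"document-uri":"https://example.test/",'
        . '"violated-directive":"script-src","blocked-uri":"https://cdn.example.test/x.js"}}';
    var_dump(parseCspReport($sample));
}
```

Review the collected reports while the header is still in report-only mode, and pass false for $reportOnly once they show only violations you intend to block.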
Resources
Useful resources for CSP
Statistics
- Total downloads: 521
- Monthly downloads: 0
- Daily downloads: 0
- Favorites: 3
- Clicks: 0
- Dependent projects: 0
- Recommendations: 0
Other information
- License: MIT
- Last updated: 2017-04-28