Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/elusivecodes/fyrecsp

FyreCSP is a free, open-source content security policy library for PHP.
https://github.com/elusivecodes/fyrecsp

content-security-policy csp php

Last synced: 6 months ago
JSON representation

FyreCSP is a free, open-source content security policy library for PHP.

Awesome Lists containing this project

README 

        
# FyreCSP



**FyreCSP** is a free, open-source content security policy library for *PHP*.



## Table Of Contents

- [Installation](#installation)

- [Basic Usage](#basic-usage)

- [Methods](#methods)

- [Policies](#policies)

- [Middleware](#middleware)



## Installation



**Using Composer**



```

composer require fyre/csp

```



In PHP:



```php

use Fyre\Security\ContentSecurityPolicy;

```



## Basic Usage



- `$config` is a [*Config*](https://github.com/elusivecodes/FyreConfig).



```php

$csp = new ContentSecurityPolicy($config);

```



Default configuration options will be resolved from the "*Csp*" key in the [*Config*](https://github.com/elusivecodes/FyreConfig).



- `$options` is an array containing configuration options.

    - `default` is an array containing the policy directives, and will default to `[]`.

    - `report` is an array containing the report-only directives, and will default to *null*.

    - `reportTo` is an array containing the Report-To header value, and will default to *[]*.



```php

$container->use(Config::class)->set('Csp', $options);

```



**Autoloading**



It is recommended to bind the *ContentSecurityPolicy* to the [*Container*](https://github.com/elusivecodes/FyreContainer) as a singleton.



```php

$container->singleton(ContentSecurityPolicy::class);

```



Any dependencies will be injected automatically when loading from the [*Container*](https://github.com/elusivecodes/FyreContainer).



```php

$csp = $container->use(ContentSecurityPolicy::class);

```



## Methods



**Add Headers**



Add CSP headers to a [*ClientResponse*](https://github.com/elusivecodes/FyreServer#client-responses).



- `$response` is a [*ClientResponse*](https://github.com/elusivecodes/FyreServer#client-responses).



```php

$newResponse = $csp->addHeaders($response);

```



**Clear**



Clear all policies.



```php

$csp->clear();

```



**Create Policy**



Create a [*Policy*](#policies).



- `$key` is a string representing the policy key, and should be one of either `ContentSecurityPolicy::DEFAULT` or `ContentSecurityPolicy::REPORT`.

- `$directives` is an array containing the directives to add, and will default to *[]*.



```php

$csp->createPolicy($key, $directives);

```



**Get Policy**



Get a [*Policy*](#policies).



- `$key` is a string representing the policy key, and should be one of either `ContentSecurityPolicy::DEFAULT` or `ContentSecurityPolicy::REPORT`.



```php

$policy = $csp->getPolicy($key);

```



**Get Policies**



Get all policies.



```php

$policies = $csp->getPolicies();

```



**Get Report To**



Get the Report-To values.



```php

$reportTo = $csp->getReportTo();

```



**Has Policy**



Determine whether a policy exists.



- `$key` is a string representing the policy key, and should be one of either `ContentSecurityPolicy::DEFAULT` or `ContentSecurityPolicy::REPORT`.



```php

$hasPolicy = $csp->hasPolicy($key);

```



**Set Policy**



Set a policy.



- `$key` is a string representing the policy key, and should be one of either `ContentSecurityPolicy::DEFAULT` or `ContentSecurityPolicy::REPORT`.

- `$policy` is a [*Policy*](#policies).



```php

$csp->setPolicy($key, $policy);

```



**Set Report To**



Set the Report-To values.



- `$reportTo` is an array containing the [Report-To](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/report-to) values.



```php

$csp->setReportTo($reportTo);

```



## Policies



**Add Directive**



Add options to a directive.



- `$directive` is a string representing the directive.

- `$value` is a string, or an array of strings containing the values to add. For directives that don't require values, you can set this to *true* or *false* indicating whether to include the directive.



```php

$newPolicy = $policy->addDirective($directive, $value);

```



**Get Directive**



Get the options for a directive.



- `$directive` is a string representing the directive.



```php

$options = $policy->getDirective($directive);

```



**Get Header**



Get the header string.



```php

$header = $policy->getHeader();

```



**Has Directive**



Determine whether a directive exists.



- `$directive` is a string representing the directive.



```php

$hasDirective = $policy->hasDirective($directive);

```



**Remove Directive**



Remove a directive.



- `$directive` is a string representing the directive.



```php

$newPolicy = $policy->removeDirective($directive);

```



## Middleware



```php

use Fyre\Security\Middleware\CspMiddleware;

```



- `$csp` is a *ContentSecurityPolicy*.



```php

$middleware = new CspMiddleware($csp);

```



Any dependencies will be injected automatically when loading from the [*Container*](https://github.com/elusivecodes/FyreContainer).



```php

$middleware = $container->build(CspMiddleware::class);

```



**Handle**



Handle a [*ServerRequest*](https://github.com/elusivecodes/FyreServer#server-requests).



- `$request` is a [*ServerRequest*](https://github.com/elusivecodes/FyreServer#server-requests).

- `$next` is a *Closure*.



```php

$response = $middleware->handle($request, $next);

```



This method will return a [*ClientResponse*](https://github.com/elusivecodes/FyreServer#client-responses).