https://github.com/googlechromelabs/isewebsecuritybundle

A Symfony bundle providing web security features in the form of COOP, COEP, Fetch Metadata and Trusted types
https://github.com/googlechromelabs/isewebsecuritybundle

coep symfony symfony-bundle trusted-types wip

Last synced: 3 months ago
JSON representation

A Symfony bundle providing web security features in the form of COOP, COEP, Fetch Metadata and Trusted types

Host: GitHub
URL: https://github.com/googlechromelabs/isewebsecuritybundle
Owner: GoogleChromeLabs
License: apache-2.0
Created: 2020-07-11T10:18:57.000Z (over 5 years ago)
Default Branch: main
Last Pushed: 2020-09-24T13:36:45.000Z (about 5 years ago)
Last Synced: 2025-06-30T05:18:40.428Z (3 months ago)
Topics: coep, symfony, symfony-bundle, trusted-types, wip
Language: PHP
Homepage: http://esp-demo-2020.ew.r.appspot.com/
Size: 89.8 KB
Stars: 10
Watchers: 4
Forks: 4
Open Issues: 4
Metadata Files:
- Readme: README.md
- Contributing: docs/contributing.md
- License: LICENSE
- Code of conduct: docs/code-of-conduct.md

Awesome Lists containing this project

README

[![Build Status](https://travis-ci.com/GoogleChromeLabs/IseWebSecurityBundle.svg?branch=main)](https://travis-ci.com/GoogleChromeLabs/IseWebSecurityBundle)
[![Coverage Status](https://coveralls.io/repos/github/GoogleChromeLabs/IseWebSecurityBundle/badge.svg?branch=ci)](https://coveralls.io/github/GoogleChromeLabs/IseWebSecurityBundle?branch=ci)

# 🔐 IseWebSecurityBundle

A Symfony bundle that implements best practice for security features,
including:

- Content Security Policy (CSP)
- Cross Origin Opener Policy / Cross Origin Embedder Policy (COOP/COEP)
- Fetch metadata headers
- Trusted Types

# 🖥️ Usage

Install the package from Packagist:

`composer require googlechromelabs/ise-web-security-bundle`

Due to a lack of Symfony Flex recipe to do so automatically. In your projects `/config/packages` folder, create `ise_web_security.yaml` and populate it with the yaml config detailed below.

## Config

More Config details can be found [here](https://github.com/GoogleChromeLabs/IseWebSecurityBundle/wiki/Configuration)

The config within your Symfony project will control how the bundle works in your Application.
Below, you will find an example config for the current state of the project that will activate
the majority of the features. The `ise_web_security.yaml.dist` is also an example of this file.

>ise_web_security.yaml

```yaml
ise_web_security:
defaults:
preset: 'full'
paths:
'^/public':
coop:
active: false
coep:
active: false
fetch_metadata:
active: false
'^/admin':
fetch_metadata:
allowed_endpoints: ['/images']
trusted_types:
active: true
polices: ['foo', 'bar']
require_for: ['script', 'style']

```

## Wiki

This Repo has a wiki! Check it out [here](https://github.com/GoogleChromeLabs/IseWebSecurityBundle/wiki)

## 🤝 Contributing

Issues and pull requests are always welcome. For details, see
[docs/contributing.md](docs/contributing.md)

This is not an officially supported Google product.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/googlechromelabs/isewebsecuritybundle

Awesome Lists containing this project

README