https://github.com/kenjis/php-csp-nonce-source
CSP (Content Security Policy) nonce-source for PHP
- Host: GitHub
- URL: https://github.com/kenjis/php-csp-nonce-source
- Owner: kenjis
- License: mit
- Created: 2014-10-25T10:53:29.000Z (about 11 years ago)
- Default Branch: master
- Last Pushed: 2023-10-19T19:18:35.000Z (about 2 years ago)
- Last Synced: 2025-04-15T00:54:17.362Z (9 months ago)
- Topics: csp, php
- Language: PHP
- Homepage:
- Size: 71.3 KB
- Stars: 6
- Watchers: 2
- Forks: 0
- Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# CSP nonce-source for PHP
CSP (Content Security Policy) nonce-source library for PHP.
## What is CSP nonce-source?
It is one of the CSP 2 features for preventing XSS.
If you are not familiar with it, please see [CSP for the web we have | Mozilla Security Blog](https://blog.mozilla.org/security/2014/10/04/csp-for-the-web-we-have/).
## Requirement
* PHP 5.4 or later
## Installation
~~~
$ git clone https://github.com/kenjis/php-csp-nonce-source.git
$ cd php-csp-nonce-source
$ composer install
~~~
## Usage
You only need to call `Csp::sendHeader()` and `Csp::getNonce()`.
`Csp::sendHeader()` sends the CSP header.
`Csp::getNonce()` returns the nonce value.
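~~~php
<?php
// Assumes the Csp class is already loaded; send the header before any output.
Csp::sendHeader();
?>
<title>Sample of CSP nonce-source</title>
<script nonce="<?= Csp::getNonce() ?>">alert('This works!');</script>
<script>alert('This does not work!');</script>
~~~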
You can test it with PHP's built-in web server.
~~~
$ php -S localhost:8000
~~~
And browse .
You can see CSP violation reports in the `csp-report.log` file.
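A sketch of what nonce-source enforcement amounts to, as an added example that is not this library's own code: it generates a per-response nonce, builds a policy, and checks which inline scripts in a constructed page a CSP 2 browser would run. All function names and the report endpoint path are hypothetical, and `random_bytes()` assumes PHP 7 or later.

```php
<?php
// Added example, not the library's code; all function names are hypothetical.

/** Generate a fresh, unpredictable nonce for one response (PHP 7+). */
function make_nonce()
{
    return base64_encode(random_bytes(16)); // 128 bits from the CSPRNG
}

/** Build the header value; the report endpoint path is a placeholder. */
function build_csp_header($nonce, $reportUri = '/csp-report-endpoint')
{
    return "script-src 'nonce-{$nonce}'; report-uri {$reportUri}";
}

/** Return the nonces that a CSP header value allows via nonce-source. */
function allowed_nonces($headerValue)
{
    preg_match_all("/'nonce-([A-Za-z0-9+\/_=-]+)'/", $headerValue, $m);
    return $m[1];
}

/** Mark each inline <script> in $html as allowed or blocked (nonce-source only). */
function audit_inline_scripts($html, $headerValue)
{
    $allowed = allowed_nonces($headerValue);
    $doc = new DOMDocument();
    @$doc->loadHTML($html); // suppress libxml warnings on loose markup
    $result = [];
    foreach ($doc->getElementsByTagName('script') as $script) {
        $nonce = $script->getAttribute('nonce');
        $ok = $nonce !== '' && in_array($nonce, $allowed, true);
        $result[] = [trim($script->textContent), $ok ? 'allowed' : 'blocked'];
    }
    return $result;
}

// Constructed sample page: one script carries the nonce, one does not.
$nonce  = make_nonce();
$header = build_csp_header($nonce);
$html   = "<html><body><script nonce=\"{$nonce}\">alert('This works!');</script>"
        . "<script>alert('This does not work!');</script></body></html>";

echo "Content-Security-Policy: {$header}\n";
foreach (audit_inline_scripts($html, $header) as $row) {
    echo "{$row[1]}: {$row[0]}\n";
}
```

The nonce must be regenerated for every response; a value that is reused or predictable lets injected markup carry a valid `nonce` attribute.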
### (Optional) Add other policies
You can add other policies using `Csp::addPolicy()`.
~~~php