Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/middlewares/csp

PSR-15 middleware to add the Content-Security-Policy header to the response
https://github.com/middlewares/csp

csp http middleware psr-15 security

Last synced: about 2 months ago
JSON representation

PSR-15 middleware to add the Content-Security-Policy header to the response

Host: GitHub
URL: https://github.com/middlewares/csp
Owner: middlewares
License: mit
Created: 2016-10-09T09:23:09.000Z (almost 8 years ago)
Default Branch: master
Last Pushed: 2021-10-29T16:12:42.000Z (almost 3 years ago)
Last Synced: 2024-07-13T13:22:39.789Z (2 months ago)
Topics: csp, http, middleware, psr-15, security
Language: PHP
Size: 36.1 KB
Stars: 15
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE

Awesome Lists containing this project

awesome-psr15-middlewares - middlewares/csp - Manage [Content-Security-Policies (CSP)](https://content-security-policy.com/). (Packages / Security)

README

        # middlewares/csp

[![Latest Version on Packagist][ico-version]][link-packagist]

[![Software License][ico-license]](LICENSE)

![Testing][ico-ga]

[![Total Downloads][ico-downloads]][link-downloads]

Middleware to add the [Content-Security-Policy](https://content-security-policy.com/) header to the response using [paragonie/csp-builder](https://github.com/paragonie/csp-builder) library.

## Requirements

* PHP >= 7.2

* A [PSR-7 http library](https://github.com/middlewares/awesome-psr15-middlewares#psr-7-implementations)

* A [PSR-15 middleware dispatcher](https://github.com/middlewares/awesome-psr15-middlewares#dispatcher)

## Installation

This package is installable and autoloadable via Composer as [middlewares/csp](https://packagist.org/packages/middlewares/csp).

```sh

composer require middlewares/csp

```

## Example

```php

use ParagonIE\CSPBuilder\CSPBuilder;

$csp = CSPBuilder::fromFile('/path/to/source.json');

Dispatcher::run([

    new Middlewares\Csp($csp)

]);

```

## Usage

Set the CSP builder to the constructor. See [paragonie/csp-builder](https://github.com/paragonie/csp-builder) for more info. If it's not provided, create a generic one with restrictive directives.

### legacy

To generate legacy CSP headers for old browsers (`X-Content-Security-Policy` and `X-Webkit-CSP`). By default is `true` but you can disabled it:

```php

$middleware = (new Middlewares\Csp($csp))->legacy(false);

```

## Helpers

### createFromFile

Shortcut to create instances using a json file:

```php

Dispatcher::run([

    Middlewares\Csp::createFromFile(__DIR__.'/csp-config.json')

]);

```

### createFromData

Shortcut to create instances using an array with data:

```php

Dispatcher::run([

    Middlewares\Csp::createFromData([

        'script-src' => ['self' => true],

        'object-src' => ['self' => true],

        'frame-ancestors' => ['self' => true],

    ])

]);

```

---

Please see [CHANGELOG](CHANGELOG.md) for more information about recent changes and [CONTRIBUTING](CONTRIBUTING.md) for contributing details.

The MIT License (MIT). Please see [LICENSE](LICENSE) for more information.

[ico-version]: https://img.shields.io/packagist/v/middlewares/csp.svg?style=flat-square

[ico-license]: https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square

[ico-ga]: https://github.com/middlewares/csp/workflows/testing/badge.svg

[ico-downloads]: https://img.shields.io/packagist/dt/middlewares/csp.svg?style=flat-square

[link-packagist]: https://packagist.org/packages/middlewares/csp

[link-downloads]: https://packagist.org/packages/middlewares/csp